1 Topic by mvman

  • mvman
  • Member
  • Offline
  • Registered: 2024-07-23
  • Posts: 1

Topic: SSL Cert Installation

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version: 1.7.1
- Deployed with downloadable installer
- Debian 12
- Store mail accounts in OpenLDAP
- Web server: Nginx
- Manage mail accounts with iRedAdmin
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====
Hello, I'm running into issues when installing an existing known working Entrust SSL cert. I've followed the tutorial provided on the website, and incorporated other info found on the web.

I'm consistently having issues when restarting nginx after installation, receive error for a mismatching key. This is the same key used on other server with no issue, thinking this could be a formatting issue. Just don't know how to fix.

Tried combining the ServerCert and ChainBundle using several methods with no success.

Any help is appreciated.

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by luke31

  • luke31
  • Member
  • Offline
  • From: Switzerland
  • Registered: 2024-04-02
  • Posts: 10

Re: SSL Cert Installation

So you've replaced the key and the certificate?

3 Reply by topcoder (edited by topcoder 2024-09-23 02:53:59)

  • topcoder
  • Member
  • Offline
  • Registered: 2012-04-30
  • Posts: 6

Re: SSL Cert Installation

Use openSSL and make sure the keys match.. 

openssl x509 -noout -modulus -in server.crt | openssl md5
openssl rsa -noout -modulus -in server.key | openssl md5

If these two commands produce the same MD5 hash, then your key and certificate match. If they don't, you have a mismatch.

If you combine certificates make sure the server one is first, actually in this order

cat server.crt intermediate.crt root.crt > combined.pem

topcoder's Website

4 Reply by luke31 (edited by luke31 2024-09-23 15:40:52)

  • luke31
  • Member
  • Offline
  • From: Switzerland
  • Registered: 2024-04-02
  • Posts: 10

Re: SSL Cert Installation

topcoder wrote:

cat server.crt intermediate.crt root.crt > combined.pem

You don't have to include the root certificate. Just the intermediate.

I'm assuming you included the lines -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- in the key and -----BEGIN CERTIFICATE-----, -----END CERTIFICATE-----, -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- in the combined certificate.

Are the certificates in the right path and with the right name? (/etc/ssl/certs/iRedMail.crt and /etc/ssl/private/iRedMail.key)