[colug-432] qmail SSL using wrong certificate

Robert Grimm robertgrimm at gmail.com
Fri Jan 4 12:08:58 EST 2013


I don't have SELinux.

There was no typo. I'm new to SSL, so I followed the instructions that
Digicert provided. They said to combine, in order, the private key, the
primary certificate, the intermediate certificate, and the root
certificate, then replace the old .pem file with the new one and restart
qmail. I did exactly that and ended up with it still providing the old
certificate.

I am using daemontools and ucspi-tcp, as well as ucspi-ssl. There are no
cron jobs that do anything with qmail or the certificate.

Robert Grimm
Voice only: (614) 212-4625
http://www.datablitz.net
http://www.grimmphotography.com



> This is a flag: server's private key paired with something downloaded.
>
> The certificate (self signed or otherwise) should have only the
> *public* key, not the private.
>
> I don't know DigiCert, but would expect what you download to be a
> properly formed certificate.
>
> How does the private key get there?  Are you appending things?  (or
> was it just a typo?)
>
> You can probably eyeball the cert they give you with ...
>
>         openssl asn1parse -inform pem -in /the/downloaded/PEM/file
>
> You should see things you recognize, and also a bit string following
> the "rsaEncryption" OID that roughly matches the key size.  (Where a
> 1024 bit key will be 128 bytes of "modulus" plus a little for the
> exponent and ASN.1 structure.)  The X.509 stuff is a pain to learn.
> (And is loads of bloat even after you start to recognize usable
> patterns.)
>
> I hope this helps.
>
> > Robert Grimm
> > Voice only: (614) 212-4625
> > http://www.datablitz.net
> > http://www.grimmphotography.com
> >
> > _______________________________________________
> > colug-432 mailing list
> > colug-432 at colug.net
> > http://lists.colug.net/mailman/listinfo/colug-432
> >
>
>
>
> --
> -- R;   <><
>
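An added example (not from either poster, and not DigiCert's instructions): a standard-library Python check that lists the blocks of a combined .pem in file order and compares the SHA-256 fingerprint of its first certificate with the certificate a server is actually presenting. The PEM payloads below are constructed placeholder bytes rather than real keys or certificates, and the function names are hypothetical.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block, in file order."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def fingerprint(der):
    """SHA-256 over the DER bytes (lowercase hex, no colons)."""
    return hashlib.sha256(der).hexdigest()

def check_bundle(bundle_text, served_der):
    """Report block order and whether the served cert is the bundle's leaf."""
    blocks = pem_blocks(bundle_text)
    labels = [label for label, _ in blocks]
    certs = [der for label, der in blocks if label == "CERTIFICATE"]
    return {
        "order": labels,
        "key_first": bool(labels) and labels[0].endswith("PRIVATE KEY"),
        "cert_count": len(certs),
        "leaf_fingerprint": fingerprint(certs[0]) if certs else None,
        "served_matches_leaf": bool(certs)
            and fingerprint(served_der) == fingerprint(certs[0]),
    }

def _pem(label, payload):
    """Wrap payload bytes in PEM armor (used only to build the sample)."""
    body = base64.encodebytes(payload).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

# Constructed sample: key, primary, intermediate, root, in that order.
NEW_BUNDLE = "".join([
    _pem("RSA PRIVATE KEY", b"constructed-key"),
    _pem("CERTIFICATE", b"constructed-new-leaf"),
    _pem("CERTIFICATE", b"constructed-intermediate"),
    _pem("CERTIFICATE", b"constructed-root"),
])
OLD_LEAF = b"constructed-old-leaf"  # stands in for the cert still being served

if __name__ == "__main__":
    # served_matches_leaf is False here: the listener is not using this file's leaf.
    print(check_bundle(NEW_BUNDLE, OLD_LEAF))
```

Against a live listener that speaks TLS from the first byte, `ssl.get_server_certificate((host, port))` followed by `ssl.PEM_cert_to_DER_cert()` yields the `served_der` argument.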