<div>I don't have SELinux.</div><div><br></div>There was no typo. I'm new to SSL, so I followed the instructions that Digicert provided. They said to combine, in order, the private key, the primary certificate, the intermediate certificate, and the root certificate, then replace the old .pem file with the new one and restart qmail. I did exactly that and ended up with it still providing the old certificate.<div>
<br></div><div>I am using daemontools and ucspi-tcp, as well as ucspi-ssl. There are no cron jobs that do anything with qmail or the certificate.<br clear="all"><div><br>Robert Grimm<br>Voice only: (614) 212-4625<br><a href="http://www.datablitz.net" target="_blank">http://www.datablitz.net</a><br>
<a href="http://www.grimmphotography.com" target="_blank">http://www.grimmphotography.com</a><br></div>
<br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
</div>This is a flag: server's private key paired with something downloaded.<br>
<br>
The certificate (self signed or otherwise) should have only the<br>
*public* key, not the private.<br>
<br>
I don't know DigiCert, but would expect what you download to be a<br>
properly formed certificate.<br>
<br>
How does the private key get there? Are you appending things? (or<br>
was it just a typo?)<br>
<br>
You can probably eyeball the cert they give you with ...<br>
<br>
openssl asn1parse -inform pem -in /the/downloaded/PEM/file<br>
<br>
You should see things you recognize, and also a bit string following<br>
the "rsaEncryption" OID that roughly matches the key size. (Where a<br>
1024 bit key will be 128 bytes of "modulus" plus a little for the<br>
exponent and ASN.1 structure.) The X.509 stuff is a pain to learn.<br>
(And is loads of bloat even after you start to recognize usable<br>
patterns.)<br>
<br>
I hope this helps.<br>
<div class="im"><br>
> Robert Grimm<br>
> Voice only: <a href="tel:%28614%29%20212-4625" value="+16142124625">(614) 212-4625</a><br>
> <a href="http://www.datablitz.net" target="_blank">http://www.datablitz.net</a><br>
> <a href="http://www.grimmphotography.com" target="_blank">http://www.grimmphotography.com</a><br>
><br>
</div>> _______________________________________________<br>
> colug-432 mailing list<br>
> <a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
> <a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
--<br>
-- R; <><<br>
_______________________________________________<br>
colug-432 mailing list<br>
<a href="mailto:colug-432@colug.net">colug-432@colug.net</a><br>
<a href="http://lists.colug.net/mailman/listinfo/colug-432" target="_blank">http://lists.colug.net/mailman/listinfo/colug-432</a><br>
</font></span></blockquote></div><br></div>