Re: [exim] setting up purchased SSL certificates on existing…

Top Page
Delete this message
Reply to this message
Author: Heiko Schlittermann
Date:  
To: exim-users
Subject: Re: [exim] setting up purchased SSL certificates on existing system
Gary Stainburn via Exim-users <exim-users@???> (Mo 30 Apr 2018 15:58:52 CEST):
> I have now purchased (through 123-reg) a SSL certificate and I am trying to
> install it on the server.
>
> However, copious Google searches all seem to be bringing up the same few
> articles, most of which are for specific platforms, e.g. those with cPanel
> installed.
>
> tls_certificate = /etc/pki/tls/certs/exim.pem
> tls_privatekey = /etc/pki/tls/private/exim.pem



> My problem is that from my SSL certificate purchase I have an "Intermediate
> Certificate" and a 'SSL Certificate'. The second of which is apparently
> formatted for web software including Apache. I did not receive any key files.


The intermediate cert(s) are probably in PEM format as the certificate
you bought.

You can concat all files


    cat CERT-PEM BUNDLE-PEM KEY-PEM > DIR/ssl.pem


And configure Exim using the same file for everything:
    tls_certificate = DIR/ssl.pem
    # tls_privatekey = 



Of cause, replace CERT-PEM, BUNDLE-PEM, KEY-PEM, and DIR with the approbiate names
Any text (as output from some certificate authorities) doesn't matter,
als long as the lines between

    ------- BEGIN whatever -------
    <base64 encoded whatever>
    ------- END whatever ------


are left intact.
Keep care to "unprotect" your key:

    openssl rsa -in KEY-PEM -out KEY-PEM


Or just combine everything:

    cat CERT-PEM BUNDLE-PEM <(openssl rsa -in KEY-PEM) > DIR/ssl.pem


    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
-- 
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -