Group: netwin.surgemail
From: surgemail-support <surgemail-support@netwinsite.com>
Subject: Re: [SurgeMail List] SSL Help
Date: Tue, 24 Jan 2017 15:25:26 +1300

COPY 60fe102036719acd.crt to  

    surgemail\ssl\surge_cert.pem

copy gdig2_bundle.crt to   

    surgemail\ssl\surge_chain.pem

Or if not running the latest build, then append the bundle file to the first file (order counts, the certificate goes first, bundle second), and copy that to surge_cert.pem (or upload/paste it)

If pasting the files together, be sure not to loose line endings, if the lines are not all even length and clear to read like this:

-----BEGIN CERTIFICATE-----
MIIC0DCCAbigAwIBAwIEnehggDANBgkqhkiG9w0BAQsFADAqMRcwFQYDVQQDDA5u
ZXR3aW5zaXRlLmNvbTEPMA0GA1UECgwGbmV0d2luMB4XDTE3MDEyMjAwNTA1MloX
DTI3MDEyMjAwNTA1MlowKjEXMBUGA1UEAwwObmV0d2luc2l0ZS5jb20xDzANBgNV
.....

Then the file line endings are probably messed up, use unix2dos or dos2unix or an editor that can cope with both formats (notepad++ rather than notepad)

    ChrisP.



On 24/01/2017 3:19 p.m., Randy Zumwalde wrote:
I got the signed certificate back but I'm not sure which I should paste into the SSL Certificate(s) box.
One file I received from godaddy is gdig2_bundle.crt and the other is 60fe102036719acd.crt
One file has 1 set of -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
and the other has 2 sets of -----BEGIN CERTIFICATE----- -----END CERTIFICATE-----
I'm not sure which I should use.

Randy Zumwalde • Tel: 513.651.1888
The John K. Howe Company, Inc.
7188 Main Street | Cincinnati, OH 45244

Be sure to visit us online at http://www.ehowe.com
Like us on Facebook at https://www.facebook.com/howemarketing
Looking for product ideas? visit http://ehowe.mypromohq.com

On 1/23/17 7:37 PM, Eric Vey wrote:

Chris,

We need better documentation for SSL certificate handling. The documentation for self issued certificates is fine, but things need to be made easier when using Let's Encrypt and other certificate issuers. We are being told that unless we encrypt end-to-end we are bad. Teach us how to do it right.

Eric Vey

On January 23, 2017 7:28:52 PM surgemail-support <surgemail-support@netwinsite.com> wrote:

First, apologies, and thanks for bringing this to my attention, after some tests I've realized it's doing exactly what you describe (which it shouldn't be).

We will fix in the next build.

Anyway, to recreate the private file just restart surgemail, that will recreate it, then click on the create csr button then show csr button. 

This will currently replace your existing public key too (incorrectly).  But as soon as you get the signed certificate back it will stop client errors.

    ChrisP.



On 24/01/2017 12:12 p.m., Randy Zumwalde wrote:
How do I recreate the priv file. Do I do this within SurgeMail.
Sorry I have a hard time figuring this out.
The server got messed up just by me clicking on the New CSR button from the SurgeMail web admin and none of my users were able to get mail cause it said the certificate was not trusted. I didn't do anything to the self-signed certificate. I was only trying to generate a CSR to send to GoDaddy

Randy Zumwalde • Tel: 513.651.1888
The John K. Howe Company, Inc.
7188 Main Street | Cincinnati, OH 45244

Be sure to visit us online at http://www.ehowe.com
Like us on Facebook at https://www.facebook.com/howemarketing
Looking for product ideas? visit http://ehowe.mypromohq.com

On 1/19/17 2:53 PM, surgemail-support wrote:
re: 2048 bit csr.

The old private key is not replaced if it already exists, so to force it to create a 2048 bit key delete your existing surge_priv.pem file first then recreate the priv file and csr

ChrisP









From: Randy Zumwalde <zumwalde.rl@ehowe.com>
Date: Mon, 23 Jan 2017 22:02:48 -0500

This is a multi-part message in MIME format.
--------------A2E9FF47F886A09AA3251BCF
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit

Thanks so much for your help Chris!

*Randy Zumwalde* • Tel: 513.651.1888
The John K. Howe Company, Inc.
7188 Main Street | Cincinnati, OH 45244

Be sure to visit us online at http://www.ehowe.com
Like us on Facebook at _https://www.facebook.com/howemarketing_
Looking for product ideas? visit _http://ehowe.mypromohq.com_

On 1/23/17 9:25 PM, surgemail-support wrote:
>
> COPY 60fe102036719acd.crt to
>
>     surgemail\ssl\surge_cert.pem
>
> copy gdig2_bundle.crt to
>
>     surgemail\ssl\surge_chain.pem
>
> Or if not running the latest build, then append the bundle file to the 
> first file (order counts, the certificate goes first, bundle second), 
> and copy that to surge_cert.pem (or upload/paste it)
>
> If pasting the files together, be sure not to loose line endings, if 
> the lines are not all even length and clear to read like this:
>
> -----BEGIN CERTIFICATE----- 
> MIIC0DCCAbigAwIBAwIEnehggDANBgkqhkiG9w0BAQsFADAqMRcwFQYDVQQDDA5u 
> ZXR3aW5zaXRlLmNvbTEPMA0GA1UECgwGbmV0d2luMB4XDTE3MDEyMjAwNTA1MloX 
> DTI3MDEyMjAwNTA1MlowKjEXMBUGA1UEAwwObmV0d2luc2l0ZS5jb20xDzANBgNV ....
>
> Then the file line endings are probably messed up, use unix2dos or 
> dos2unix or an editor that can cope with both formats (notepad++ 
> rather than notepad)
>
> ChrisP.
>
>
>
> On 24/01/2017 3:19 p.m., Randy Zumwalde wrote:
>> I got the signed certificate back but I'm not sure which I should 
>> paste into the SSL Certificate(s) box.
>> One file I received from godaddy is gdig2_bundle.crt and the other is 
>> 60fe102036719acd.crt
>> One file has 1 set of -----BEGIN CERTIFICATE----- -----END 
>> CERTIFICATE-----
>> and the other has 2 sets of -----BEGIN CERTIFICATE----- -----END 
>> CERTIFICATE-----
>> I'm not sure which I should use.
>>
>> *Randy Zumwalde* • Tel: 513.651.1888
>> The John K. Howe Company, Inc.
>> 7188 Main Street | Cincinnati, OH 45244
>>
>> Be sure to visit us online at http://www.ehowe.com
>> Like us on Facebook at _https://www.facebook.com/howemarketing_
>> Looking for product ideas? visit _http://ehowe.mypromohq.com_
>>
>> On 1/23/17 7:37 PM, Eric Vey wrote:
>>>
>>> Chris,
>>>
>>> We need better documentation for SSL certificate handling. The 
>>> documentation for self issued certificates is fine, but things need 
>>> to be made easier when using Let's Encrypt and other certificate 
>>> issuers. We are being told that unless we encrypt end-to-end we are 
>>> bad. Teach us how to do it right.
>>>
>>> Eric Vey
>>>
>>> On January 23, 2017 7:28:52 PM surgemail-support 
>>> <surgemail-support@netwinsite.com> wrote:
>>>
>>>> First, apologies, and thanks for bringing this to my attention, 
>>>> after some tests I've realized it's doing exactly what you describe 
>>>> (which it shouldn't be).
>>>>
>>>> We will fix in the next build.
>>>>
>>>> Anyway, to recreate the private file just restart surgemail, that 
>>>> will recreate it, then click on the create csr button then show csr 
>>>> button.
>>>>
>>>> This will currently replace your existing public key too 
>>>> (incorrectly).  But as soon as you get the signed certificate back 
>>>> it will stop client errors.
>>>>
>>>>     ChrisP.
>>>>
>>>>
>>>>
>>>> On 24/01/2017 12:12 p.m., Randy Zumwalde wrote:
>>>>> How do I recreate the priv file. Do I do this within SurgeMail.
>>>>> Sorry I have a hard time figuring this out.
>>>>> The server got messed up just by me clicking on the New CSR button 
>>>>> from the SurgeMail web admin and none of my users were able to get 
>>>>> mail cause it said the certificate was not trusted. I didn't do 
>>>>> anything to the self-signed certificate. I was only trying to 
>>>>> generate a CSR to send to GoDaddy
>>>>>
>>>>> *Randy Zumwalde* • Tel: 513.651.1888
>>>>> The John K. Howe Company, Inc.
>>>>> 7188 Main Street | Cincinnati, OH 45244
>>>>>
>>>>> Be sure to visit us online at http://www.ehowe.com
>>>>> Like us on Facebook at _https://www.facebook.com/howemarketing_
>>>>> Looking for product ideas? visit _http://ehowe.mypromohq.com_
>>>>>
>>>>> On 1/19/17 2:53 PM, surgemail-support wrote:
>>>>>> re: 2048 bit csr.
>>>>>>
>>>>>> The old private key is not replaced if it already exists, so to 
>>>>>> force it to create a 2048 bit key delete your existing 
>>>>>> surge_priv.pem file first then recreate the priv file and csr
>>>>>>
>>>>>> ChrisP
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>
>


--------------A2E9FF47F886A09AA3251BCF
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 8bit

<html>
  <head>
    <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Thanks so much for your help Chris!<br>
    <br>
    <div class="moz-signature"><span style="font-size:11pt"><font
          color="red" face="Helvetica, Verdana, Arial"><b>Randy Zumwalde</b></font></span>
      <span style="font-size:9pt"><font color="#3b3b3b" face="Calibri,
          Verdana, Helvetica, Arial"> • Tel: 513.651.1888
          <br>
          The John K. Howe Company, Inc.
          <br>
          7188 Main Street | Cincinnati, OH 45244<br>
        </font></span>
      <span style="font-size:10pt"><font face="Helvetica, Verdana,
          Arial">
          <br>
          Be sure to visit us online at <font color="#0000FF"><a
              href="http://www.ehowe.com">http://www.ehowe.com</a></font>
          <br>
          Like us on Facebook at <font color="#0000FF"><u><a
                href="https://www.facebook.com/howemarketing">https://www.facebook.com/howemarketing</a></u></font>
          <br>
          Looking for product ideas? visit <font color="#0000FF"><u><a
                href="http://ehowe.mypromohq.com">http://ehowe.mypromohq.com</a></u></font><br>
        </font></span>
      <br>
    </div>
    <div class="moz-cite-prefix">On 1/23/17 9:25 PM, surgemail-support
      wrote:<br>
    </div>
    <blockquote
      cite="mid:dfdf2c02-055b-837f-dd87-0c385ee6089d@netwinsite.com"
      type="cite">
      <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
      <p>COPY 60fe102036719acd.crt to   <br>
      </p>
      <p>    surgemail\ssl\surge_cert.pem</p>
      <p>copy gdig2_bundle.crt to    <br>
      </p>
      <p>    surgemail\ssl\<span style="color: rgb(0, 0, 0);
          font-family: Arial; font-size: 13.3333px; font-style: normal;
          font-variant-ligatures: normal; font-variant-caps: normal;
          font-weight: normal; letter-spacing: normal; orphans: 2;
          text-align: start; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-text-stroke-width: 0px; background-color: rgb(254,
          254, 236); display: inline !important; float: none;">surge_chain.pem</span></p>
      <p><span style="color: rgb(0, 0, 0); font-family: Arial;
          font-size: 13.3333px; font-style: normal;
          font-variant-ligatures: normal; font-variant-caps: normal;
          font-weight: normal; letter-spacing: normal; orphans: 2;
          text-align: start; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-text-stroke-width: 0px; background-color: rgb(254,
          254, 236); display: inline !important; float: none;">Or if not
          running the latest build, then append the bundle file to the
          first file (order counts, the certificate goes first, bundle
          second), and copy that to surge_cert.pem (or upload/paste it)</span></p>
      <p><span style="color: rgb(0, 0, 0); font-family: Arial;
          font-size: 13.3333px; font-style: normal;
          font-variant-ligatures: normal; font-variant-caps: normal;
          font-weight: normal; letter-spacing: normal; orphans: 2;
          text-align: start; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-text-stroke-width: 0px; background-color: rgb(254,
          254, 236); display: inline !important; float: none;">If
          pasting the files together, be sure not to loose line endings,
          if the lines are not all even length and clear to read like
          this:<br>
        </span></p>
      <pre><tt><span style="color: rgb(0, 0, 0); font-size: 13.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(254, 254, 236); display: inline ! important; float: none;">-----BEGIN CERTIFICATE-----
MIIC0DCCAbigAwIBAwIEnehggDANBgkqhkiG9w0BAQsFADAqMRcwFQYDVQQDDA5u
ZXR3aW5zaXRlLmNvbTEPMA0GA1UECgwGbmV0d2luMB4XDTE3MDEyMjAwNTA1MloX
DTI3MDEyMjAwNTA1MlowKjEXMBUGA1UEAwwObmV0d2luc2l0ZS5jb20xDzANBgNV
.....</span></tt></pre>
      <p><span style="color: rgb(0, 0, 0); font-family: Arial;
          font-size: 13.3333px; font-style: normal;
          font-variant-ligatures: normal; font-variant-caps: normal;
          font-weight: normal; letter-spacing: normal; orphans: 2;
          text-align: start; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-text-stroke-width: 0px; background-color: rgb(254,
          254, 236); display: inline !important; float: none;">Then the
          file line endings are probably messed up, use unix2dos or
          dos2unix or an editor that can cope with both formats
          (notepad++ rather than notepad)</span></p>
      <p><span style="color: rgb(0, 0, 0); font-family: Arial;
          font-size: 13.3333px; font-style: normal;
          font-variant-ligatures: normal; font-variant-caps: normal;
          font-weight: normal; letter-spacing: normal; orphans: 2;
          text-align: start; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-text-stroke-width: 0px; background-color: rgb(254,
          254, 236); display: inline !important; float: none;">   
          ChrisP.</span></p>
      <p><span style="color: rgb(0, 0, 0); font-family: Arial;
          font-size: 13.3333px; font-style: normal;
          font-variant-ligatures: normal; font-variant-caps: normal;
          font-weight: normal; letter-spacing: normal; orphans: 2;
          text-align: start; text-indent: 0px; text-transform: none;
          white-space: normal; widows: 2; word-spacing: 0px;
          -webkit-text-stroke-width: 0px; background-color: rgb(254,
          254, 236); display: inline !important; float: none;"><br>
        </span></p>
      <br>
      <div class="moz-cite-prefix">On 24/01/2017 3:19 p.m., Randy
        Zumwalde wrote:<br>
      </div>
      <blockquote
        cite="mid:11f05946-385c-f995-1539-7bccfd86c8f5@ehowe.com"
        type="cite">
        <meta content="text/html; charset=utf-8"
          http-equiv="Content-Type">
        I got the signed certificate back but I'm not sure which I
        should paste into the SSL Certificate(s) box.<br>
        One file I received from godaddy is gdig2_bundle.crt and the
        other is 60fe102036719acd.crt<br>
        One file has 1 set of -----BEGIN CERTIFICATE----- -----END
        CERTIFICATE-----<br>
        and the other has 2 sets of -----BEGIN CERTIFICATE----- -----END
        CERTIFICATE-----<br>
        I'm not sure which I should use.<br>
        <br>
        <div class="moz-signature"><span style="font-size:11pt"><font
              color="red" face="Helvetica, Verdana, Arial"><b>Randy
                Zumwalde</b></font></span> <span style="font-size:9pt"><font
              color="#3b3b3b" face="Calibri, Verdana, Helvetica, Arial">
              • Tel: 513.651.1888 <br>
              The John K. Howe Company, Inc. <br>
              7188 Main Street | Cincinnati, OH 45244<br>
            </font></span> <span style="font-size:10pt"><font
              face="Helvetica, Verdana, Arial"> <br>
              Be sure to visit us online at <font color="#0000FF"><a
                  moz-do-not-send="true" href="http://www.ehowe.com">http://www.ehowe.com</a></font>
              <br>
              Like us on Facebook at <font color="#0000FF"><u><a
                    moz-do-not-send="true"
                    href="https://www.facebook.com/howemarketing">https://www.facebook.com/howemarketing</a></u></font>
              <br>
              Looking for product ideas? visit <font color="#0000FF"><u><a
                    moz-do-not-send="true"
                    href="http://ehowe.mypromohq.com">http://ehowe.mypromohq.com</a></u></font><br>
            </font></span> <br>
        </div>
        <div class="moz-cite-prefix">On 1/23/17 7:37 PM, Eric Vey wrote:<br>
        </div>
        <blockquote
          cite="mid:159cde84360.2858.29935be4871fdf37a0211382485d9c02@ericvey.com"
          type="cite">
          <div style="color: black;">
            <div style="color: black;">
              <p style="margin: 0 0 1em 0; color: black;">Chris, </p>
              <p style="margin: 0 0 1em 0; color: black;">We need better
                documentation for SSL certificate handling. The
                documentation for self issued certificates is fine, but
                things need to be made easier when using Let's Encrypt
                and other certificate issuers. We are being told that
                unless we encrypt end-to-end we are bad. Teach us how to
                do it right. </p>
              <p style="margin: 0 0 1em 0; color: black;">Eric Vey </p>
            </div>
            <div style="color: black;">
              <p style="color: black; font-size: 10pt; font-family:
                Arial, sans-serif; margin: 10pt 0;">On January 23, 2017
                7:28:52 PM surgemail-support <a moz-do-not-send="true"
                  class="moz-txt-link-rfc2396E"
                  href="mailto:surgemail-support@netwinsite.com">&lt;surgemail-support@netwinsite.com&gt;</a>
                wrote:</p>
              <blockquote type="cite" class="gmail_quote" style="margin:
                0 0 0 0.75ex; border-left: 1px solid #808080;
                padding-left: 0.75ex;">
                <p>First, apologies, and thanks for bringing this to my
                  attention, after some tests I've realized it's doing
                  exactly what you describe (which it shouldn't be).</p>
                <p>We will fix in the next build. <br>
                </p>
                <p>Anyway, to recreate the private file just restart
                  surgemail, that will recreate it, then click on the
                  create csr button then show csr button.  <br>
                </p>
                <p>This will currently replace your existing public key
                  too (incorrectly).  But as soon as you get the signed
                  certificate back it will stop client errors. <br>
                </p>
                <p>    ChrisP.</p>
                <p><br>
                </p>
                <br>
                <div class="moz-cite-prefix">On 24/01/2017 12:12 p.m.,
                  Randy Zumwalde wrote:<br>
                </div>
                <blockquote
                  cite="mid:845c3415-27fe-3f4d-bc0a-ba75668ab375@ehowe.com"
                  type="cite">
                  <meta content="text/html; charset=utf-8"
                    http-equiv="Content-Type">
                  How do I recreate the priv file. Do I do this within
                  SurgeMail.<br>
                  Sorry I have a hard time figuring this out. <br>
                  The server got messed up just by me clicking on the
                  New CSR button from the SurgeMail web admin and none
                  of my users were able to get mail cause it said the
                  certificate was not trusted. I didn't do anything to
                  the self-signed certificate. I was only trying to
                  generate a CSR to send to GoDaddy<br>
                  <br>
                  <div class="moz-signature"><span
                      style="font-size:11pt"><font color="red"
                        face="Helvetica, Verdana, Arial"><b>Randy
                          Zumwalde</b></font></span> <span
                      style="font-size:9pt"><font color="#3b3b3b"
                        face="Calibri, Verdana, Helvetica, Arial"> •
                        Tel: 513.651.1888 <br>
                        The John K. Howe Company, Inc. <br>
                        7188 Main Street | Cincinnati, OH 45244<br>
                      </font></span> <span style="font-size:10pt"><font
                        face="Helvetica, Verdana, Arial"> <br>
                        Be sure to visit us online at <font
                          color="#0000FF"><a moz-do-not-send="true"
                            href="http://www.ehowe.com">http://www.ehowe.com</a></font>
                        <br>
                        Like us on Facebook at <font color="#0000FF"><u><a
                              moz-do-not-send="true"
                              href="https://www.facebook.com/howemarketing">https://www.facebook.com/howemarketing</a></u></font>
                        <br>
                        Looking for product ideas? visit <font
                          color="#0000FF"><u><a moz-do-not-send="true"
                              href="http://ehowe.mypromohq.com">http://ehowe.mypromohq.com</a></u></font><br>
                      </font></span> <br>
                  </div>
                  <div class="moz-cite-prefix">On 1/19/17 2:53 PM,
                    surgemail-support wrote:<br>
                  </div>
                  <blockquote
                    cite="mid:33b978a1-5e33-7a76-c591-3478a8aab2b9@netwinsite.com"
                    type="cite">re: 2048 bit csr. <br>
                    <br>
                    The old private key is not replaced if it already
                    exists, so to force it to create a 2048 bit key
                    delete your existing surge_priv.pem file first then
                    recreate the priv file and csr <br>
                    <br>
                    ChrisP <br>
                    <br>
                    <br>
                    <br>
                    <br>
                  </blockquote>
                  <br>
                </blockquote>
                <br>
              </blockquote>
            </div>
          </div>
        </blockquote>
        <br>
      </blockquote>
      <br>
    </blockquote>
    <br>
  </body>
</html>

--------------A2E9FF47F886A09AA3251BCF--