I upgraded to the new version 10.6.0-3 from 10.5.4-4, and now I got problems related to SSL certificates:
I have a wildcard certificate, which requires CA certificates to be uploaded into SMG. In version 10.5.4-4 I uploaded the CA certificates, and then uploaded our wildcard certificate and everything worked.
After the update, SMG seems to be unable to build the certificate chain: I have a java application that sends email using authentification and starttls using port 587, which worked fine before the SMG upgrade, and now it doesn't. With openssl I checked starttls on port 25 and bam, no certificate chain is being sent, so my wildcard certificate can not be validated.
What have I tried so far:
- Upload my wild certificate again, getting the error "The following warning(s) have been detected:
A certificate chain can not be built for the certificate being imported." - Upload again the CA certificates (are 3, from COMODO), and tried again uploading my wildcard certificate. CA certs upload OK, but my wildcard cert not. Same result.
- Using "Restore" in CA tab, I restored the first CA COMODO certificate (so all other CA certs are deleted and only this one is now present), and afterwards uploaded the other 2 CA from COMODO. This was to delete other certs in case they were interfering. Then I tried to upload my wildcard certificate, and got the same error (...chain can not be built...)
- I rebooted the SMG system to try this again: no luck.
- Investigated the CLI commands available, and using SSH I executed "delete keystore" to remove using this way the certificate. Trying uploading again and nothing... I can't find more command line options related to certs. (openssl is not available)
My private key is 2048 bit in length.
Any ideas? Please help! I got 3 SMG running, and got this problem in all three of them!