I had been using a self-signed security certificate for the past 2 years, realized that it expired (whoops). I purchased a proper certificate, and set it up on Mercury (replacing the .PEM with the .CRT on the config screen for each module's SSL). But, mail clients are still reporting the expired certificate!
(Thinking maybe it was not liking the format of the third-party certificate...) I tried creating a new self-signed cert using Mercury's built-in tool, but found it wasn't creating the file as it says it was doing! I thought maybe my install was corrupt or obsolete (I have been upgrading since I first installed Mercury on Windows 98, now on Windows 10), so tried creating a second, clean installation of Mercury in another folder, ran the tool to create a self-signed certificate, but got the same result (says a certificate file was created, but it's not there).
Anybody else on Windows 10 / Mercury 4.8, tried making self-signed certificate and had it work (that is, produce the desired file)?
Any other thoughts on why Mercury would still be distributing the certificate I thought replaced?
Can I manually find the text version of the key somewhere to confirm it took? I tried removing the old certificate from the folder, but it still is distributing the old cert, so I assume it must copy the certificate into the config files somewhere?
About ready to lose my mind, any insight would be helpful!
[quote user="cretson"]Update: the old key seems to have gone away on its own - maybe it was cached somewhere and finally refreshed. But TLS still not working. [/quote]
What exactly goes wrong with you, I can not say that either. I am using a certificate from LetsEncrypt and it works without problems. I see sometimes the SSL error message in the logfile too, but this is almost always a SSL test server.
A tip maybe: The Mercury SSL libraries are ancient. You should simply replace the two SSL-files with current ones [;)].
Thanks for the feedback! I reached out to the issuing company, and they built me a .PEM with the private/public keys just as I'd done, but used a different keys (I think they re-issued my key). Using that, I started getting a different error:
Oh, should have mentioned I did restart Mercury, rebooted the computer too. I also removed the old key from Windows 10's key store (I had done this trying to get it to stop giving me warnings that I'm using a self-signed cert while connecting to the mail server from the mail server)
OK, so still struggling. Tried installing Mercury 4.80 on a old Windows 7 machine, and the certificate generation works! I created a CSR using this copy, revoked my certificate, and requested a new one using the CSR. I compiled them into a single file (PRIVATE KEY and CERTIFICATE), as I gather you're supposed to do. Now I'm getting a new error, seems to make 2 session logs when I attempt to connect. Any hints?
Solved it!
For others' reference:
.PEM file should contain the entire trust chain. Like this:
-----PRIVATE KEY-----Private key data-----END PRIVATE KEY-----
-----CERTIFICATE-----Your certificate-----END CERTIFICATE-----
-----CERTIFICATE----- Trust chain certificate 1 -----END CERTIFICATE-----
-----CERTIFICATE----- Trust chain certificate 2-----END CERTIFICATE-----
