Allow own SSL private keys

As I converted all my mails to Mail-in-a-Box I ran into the problem that I already had signed SSL certificates with my own keys. But there is no option to upload the keys.

So I suggest adding another field on the SSL status page that allows uploading of a corresponding private key.

I just faced the same problem, have my keys already but can’t use them, at least without hacking. Did you see if you could get around and somehow install the keys manually? I’m gonna try that tomorrow, but should probably open this in in addition to this discussion here.

EDIT: It seems you can get around this quite easily by giving nginx your own certificates, I’ll get back on that tomorrow though, now some sleep!

You can’t edit the nginx conf (your changes will get overwritten), but you can replace the files in /home/user-data/ssl as needed.

Feel free to open an issue to remind me to document this somewhere.

I looked again at the source of the SSL installation code and saw that you have already support for own SSL keys there is just no front end it for it. For me that’s fine. But it may be useful to add some hint on the website for that.

What if disctinct private key for each supported domain ? Is it possible ?

Yes, that is possible.

Just place the private key for the specific domain in /home/user-data/ssl/[domain]/private_key.pem.

1 Like

See this thread: Multiple SSL Certs not signed by the same key

1 Like