From: "Fred. Zwarts" <F.Zwarts@KVI.nl>
To: CommuniGate Pro Russische discussies <CGatePro@list.communigate.ru>
Subject: Updating TLS keys and certificates securely.
Date: Tue, 15 Jun 2021 09:57:32 +0200

Last week our TLS certificate expired. In addition, for the new certificate a larger key pair was needed. When we received the new certificate we tried to configure it using the secure port 9010. However, halfway through the procedure the old certificate disappeared and the new one was not yet present. So we had to fall back to the insecure port 8010 to complete the configuration of the new certificate.
We are unhappy with this for two reasons: first, because there has now been a short period in which the mail server was not accessible in a secure way, and second, because we are a bit worried about having to enter sensitive information (authentication) over an insecure connection. Probably we did not follow the right procedure. From the documentation it is not clear to us how we can keep using a secure connection when updating key pairs and certificates. Is it possible to enter them in advance and specify a time when they will be activated? I hope someone can enlighten us about the correct procedure.
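The poster could not tell exactly when the secure port stopped presenting a certificate, nor for how long. The probe below is an added example, not part of the original message and not CommuniGate code: run it in a loop against the TLS port while the key pair and certificate are being replaced, and every poll reports either a successful handshake with the subject, issuer and remaining validity of the certificate actually served, or the handshake error. The host name, the `SAMPLE_CERT` dictionary and the use of port 9010 are assumptions made for the example; `SAMPLE_CERT` is a constructed record in the shape returned by `ssl.SSLSocket.getpeercert()`, so the validity check can be exercised offline.

```python
import socket
import ssl
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns
# (names and dates invented for this example).
SAMPLE_CERT = {
    "subject": ((("commonName", "mail.example.org"),),),
    "issuer": ((("commonName", "Example CA"),),),
    "notBefore": "Jun  1 00:00:00 2021 GMT",
    "notAfter": "Jun 10 00:00:00 2021 GMT",
}


def common_name(name):
    """Pull the commonName out of a getpeercert() subject/issuer tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def cert_status(cert, now=None):
    """Summarise validity of a getpeercert() dict at time `now` (epoch seconds)."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return {
        "subject": common_name(cert["subject"]),
        "issuer": common_name(cert["issuer"]),
        "valid": not_before <= now <= not_after,
        "days_left": (not_after - now) / 86400.0,
    }


def probe(host, port, timeout=5.0):
    """One TLS handshake against host:port with normal chain verification.

    Returns ok=True plus the served certificate's status, or ok=False plus the
    error text; a missing or expired certificate shows up as ok=False.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return {"ok": True, **cert_status(tls.getpeercert())}
    except (OSError, ssl.SSLError) as exc:
        return {"ok": False, "error": str(exc)}


def watch(host, port, interval=1.0):
    """Poll until interrupted, timestamping every change in the result."""
    last = None
    while True:
        result = probe(host, port)
        if result != last:
            stamp = time.strftime("%H:%M:%S")
            if result["ok"]:
                print(f"{stamp} OK subject={result['subject']} "
                      f"issuer={result['issuer']} valid={result['valid']} "
                      f"days_left={result['days_left']:.1f}")
            else:
                print(f"{stamp} FAIL {result['error']}")
            last = result
        time.sleep(interval)


if __name__ == "__main__":
    # Assumed host and the secure administration port mentioned in the post.
    watch("mail.example.org", 9010)
```

Because `probe` uses `ssl.create_default_context()`, it fails the same way a client would: an untrusted, expired or absent certificate is reported as a failed handshake rather than hidden, so a timestamped gap in the output is exactly the insecure window the poster is worried about.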