Certificate: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
Line 23: | Line 23: | ||
##; yum install python-certbot-apache | ##; yum install python-certbot-apache | ||
##; certbot -apache -d mydomain.com -d mail.mydomain.com | ##; certbot -apache -d mydomain.com -d mail.mydomain.com | ||
## | ##: Add to Apache Virtual | ||
## | ##: SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem | ||
## | ##: SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem | ||
## | ##: SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem |
Revision as of 10:08, 20 March 2024
Security Certificate
To configure a SSL certificate for TLS and/or SSL over SMTP:
- Abstract: Create Certificate
- Generate key
- Generate signing request
- Sign the key
- Create server certificate
- Set permission
- Set owner
- Copy into place
- Restart services
- Self-Signed Certificate
- openssl genrsa -out x.key 2048
- openssl req -new -key x.key -out x.csr
- openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
- cat x.crt x.key > servercert.pem
- chmod 644 servercert.pem
- chown root:qmail servercert.pem
- cp -p servercert.pem /var/qmail/control
- Let's Encrypt CentOS 7/8 (Automatic, assumes working web server)
- yum install python-certbot-apache
- certbot -apache -d mydomain.com -d mail.mydomain.com
- Add to Apache Virtual
- SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem