Certificate: Difference between revisions

From QmailToaster
Jump to navigation Jump to search
No edit summary
No edit summary
Line 24: Line 24:
##; certbot -apache -d mydomain.com -d mail.mydomain.com
##; certbot -apache -d mydomain.com -d mail.mydomain.com
##: Add to Apache Virtual
##: Add to Apache Virtual
##; SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
##: SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
##; SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
##: SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
##; SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
##: SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
##: Add to Dovecot
##: Add to Dovecot
##; ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
##; ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem

Revision as of 10:17, 20 March 2024

Security Certificate

To configure a SSL certificate for TLS and/or SSL over SMTP:

  1. Abstract: Create Certificate
    Generate key
    Generate signing request
    Sign the key
    Create server certificate
    Set permission
    Set owner
    Copy into place
    Restart services
    1. Self-Signed Certificate
      openssl genrsa -out x.key 2048
      openssl req -new -key x.key -out x.csr
      openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
      cat x.crt x.key > servercert.pem
      chmod 644 servercert.pem
      chown root:qmail servercert.pem
      cp -p servercert.pem /var/qmail/control
    2. Let's Encrypt CentOS 7/8 (Automatic, assumes working web server)
      yum install python-certbot-apache
      certbot -apache -d mydomain.com -d mail.mydomain.com
      Add to Apache Virtual
      SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
      Add to Dovecot
      ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
      ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
      Add to Qmail
      cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
      cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem
      Springdale, Rocky, Alma Linux 9 may need the private key last
      cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem
      Let's Encrypt auto renewal
      Add to cron nightly renew of certs (These certificates expire every 3 months)
      0 0 * * * /opt/certbot/certbot-auto renew #CentOS 6
      0 0 * * * /opt/certbot/certbot renew #CentOS 7
Retrieved from "http://wiki.qmailtoaster.org:80/index.php?title=Certificate&oldid=257"