Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th April 2009, 04:54
gwa7 gwa7 is offline
Member
 
Join Date: Jan 2007
Posts: 34
Thanks: 2
Thanked 10 Times in 6 Posts
 
Default Install a Comodo InstantSSL Certificate for ISPconfig Apache, Postfix, Imap & Pop

How to Install a Comodo InstantSSL Certificate for ISPconfig Apache, Postfix, Imap & Pop on an Ubuntu Server

Generating and Obtaining the Certificate
1.You must generate a Certificate Signing Request (CSR) on your webserver. You did this when you installed ISPConfig, but its probably a good idea to do again so that you can make sure everything is entered correctly. Follow these directions to re-generate the ISPconfig certificate http://www.howtoforge.org/faq/14_63_en.html

Important: When you are re-generating your certificate, please ensure that the Common Name (CN) you use is ONE of the following:
  • your Fully Qualified Domain Name (e.g. "secure.yourdomain.com")
  • the Full Server Name of your internal server (e.g. "techserver")
  • your Private IP address (e.g. "192.168.0.1")

The common name is what people will use to access your server. For example: if your common name is mail.myserver.com then you will acccess ISPconfig with the following link: https://mail.myserver.com:81/
In your email application you will also use mail.myserver.com for incoming and outgoing server.

2.Your CSR is located here: /root/ispconfig/httpd/conf/ssl.csr/server.csr
Copy the text in this file. You will need to paste the text into the CSR box when purchasing your certificate.

3.Goto http://www.instantssl.com/ and purchase a certificate or get the free trial. During the certificate sign up process, choose Apache-ModSSL where it asks for the server software used to generate the CSR. You must use exactly the same Common Name (CN) as you used above when generating your CSR.

4.Finish the certificate sign up process. Once you are approved, you may download your certificate files.
-------------------------------------------------------------------------------------
ISPconfig Apache Certificate Installation
1.On your web server go to this directory:
/root/ispconfig/httpd/conf/ssl.crt
and make a backup copy of server.crt. Rename the purchased certificate (example: mail_myserver_com.crt) to server.crt and save it into the above directory replacing the existing server.crt.

Warning: always make a backup copy of any file you change or replace in this How-to. If you don't get something right, your ISPconfig will not start and you will need to undo all changes by using your backup copies.

2.Copy the file ca-bundle file to this directory:
/root/ispconfig/httpd/conf/ssl.crt

3.Edit the file /root/ispconfig/httpd/conf/httpd.conf
and add this line:
SSLCertificateChainFile /root/ispconfig/httpd/conf/ssl.crt/mail_myserver_com.ca-bundle
Important: In the line above, change mail_myserver_com.ca-bundle to the name of your bundle file.

4.restart ispconfig:
/etc/init.d/ispconfig_server restart

5.Now you should not get any errors when you access your site. Example: https://mail.myserver.com:81/

6.If ispconfig does not restart and you cannot figure out why, use your backup files to replace the files you changed and try to restart ispconfig again.
--------------------------------------------------------------------------------------
Postfix Certificate Installation
1.Make a backup copy of cacert.pem, smtpd.crt, smtpd.key in /etc/postfix/ssl
Save the bundle file (*.ca-bundle ) as cacert.pem in the above directory replacing the existing file.

2.Save a copy of your server.crt file as /etc/postfix/ssl/smtpd.crt

3.Save a copy of your server.key file as /etc/postfix/ssl/smtpd.key

4.Make sure these lines are in /etc/postfix/main.cf
smtpd_tls_cert_file = /etc/postfix/ssl/smtpd.crt
smtpd_tls_key_file = /etc/postfix/ssl/smtpd.key
smtpd_tls_CAfile = /etc/postfix/ssl/cacert.pem
5.restart postfix: /etc/init.d/postfix restart
--------------------------------------------------------------------------------------
Courier Imap/Pop Certificate Installation

1.Navagate to /etc/courier/ and make backup copies of imapd.pem and pop3d.pem.

2.Copy server.crt (/root/ispconfig/httpd/conf/ssl.crt/server.crt) into a new file. Copy server.key (/root/ispconfig/httpd/conf/ssl.key/server.key) in to same file and save this file as /etc/courier/imapd.pem replacing the file that is there.
The file should look something like this:
-----BEGIN CERTIFICATE-----
..................
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
..................
-----END RSA PRIVATE KEY-----
Ensure that there are NO blank lines between the certificate and key.

3.Copy your ca-bundle file to /etc/courier

4.Make sure these lines are in /etc/courier/imapd-ssl
TLS_CERTFILE=/etc/courier/imapd.pem
TLS_TRUSTCERTS=/etc/courier/mail_myserver_com.ca-bundle
Important: In the line above, change mail_myserver_com.ca-bundle to the name of your bundle file.

5.restart imap-ssl:
/etc/init.d/courier-imap-ssl restart

6.Make a copy of imapd.pem and save it as pop3d.pem

7.Make sure these lines are in /etc/courier/pop3d-ssl
TLS_CERTFILE=/etc/courier/pop3d.pem
TLS_TRUSTCERTS=/etc/courier/mail_myserver_com.ca-bundle
Important: In the line above, change mail_myserver_com.ca-bundle to the name of your bundle file.

8.restart pop3d-ssl
/etc/init.d/courier-pop-ssl restart

Congratulations, you are finished. Hope this helps someone. Please comment if you can make these directions better.
-------------------------------------------------------------------------------------
Ownership and permissions on the certificate files are important:
-r--r----- 1 root root 1230 Jun 7 18:24 mail_myserver_com.ca-bundle
-r--r----- 1 root root 2030 Jun 7 19:29 server.key
--------------------------------------------------------------------------------------
sources:
https://support.comodo.com/index.php...barticleid=264

http://www.instantssl.com/ssl-certif...rier-imap.html

http://www.instantssl.com/ssl-certif...e/postfix.html

http://www.howtoforge.com/forums/sho...al+certificate

Last edited by gwa7; 10th April 2009 at 04:59.
Reply With Quote
The Following User Says Thank You to gwa7 For This Useful Post:
falko (10th April 2009)
Sponsored Links
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Mail server using Postfix, Dovecot, Mysql... Postfix virtual maps doesn't work?? tarasbuljba HOWTO-Related Questions 33 28th May 2010 14:33
localhost postfix/master: fatal: bind 127.0.0.1 port 125: Permission denied g18c Installation/Configuration 4 24th March 2009 17:39
CentoS doesn't send the emails vaio1 Installation/Configuration 18 5th November 2008 17:51
Mail System Error - Returned Mail tristanlee85 General 16 16th March 2008 09:40
Verify email setup meekish Installation/Configuration 28 27th October 2006 15:36


All times are GMT +2. The time now is 06:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.