12th September 2010, 04:34
Azimuth
HOW TO: Configure Godaddy Cert for Mail SSL

Here's a quick and dirty instruction set to add a Godaddy cert (with intermediary file) to your mail server. Admins, please feel free to clean this up.


# create CSR and KEY
cd /etc/ssl/private
openssl req -newkey rsa:2048 -nodes -keyout certdomain.com.key -out certdomain.com.csr

#Submit CSR to CA

#create gd_bundle.crt (replace with current)

tee /etc/ssl/private/gd_bundle.crt <<-\EOA
-----BEGIN CERTIFICATE-----
(the contents of your gd_bundle.crt file)
-----END CERTIFICATE-----
EOA

#create certdomain.com.crt (replace with new cert)

tee /etc/ssl/private/certdomain.com.crt <<-\EOA
-----BEGIN CERTIFICATE-----
(the contents of your domain.crt file)
-----END CERTIFICATE-----
EOA

#create certdomain.com.pem

cat /etc/ssl/private/certdomain.com.crt /etc/ssl/private/certdomain.com.key > /etc/ssl/private/certdomain.com.pem

#Edit /etc/courier/imapd-ssl and pop3d-ssl

TLS_CERTFILE=/etc/ssl/private/certdomain.com.pem
TLS_TRUSTCERTS=/etc/ssl/private/gd_bundle.crt

#restart imapd-ssl and pop3d-ssl

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

#test

openssl s_client -host 127.0.0.1 -port 993

###GET TLS on postfix.

#edit /etc/postfix/main.cf
#comment out existing lines:
#smtpd_tls_cert_file = /etc/postfix/smtpd.cert
#smtpd_tls_key_file = /etc/postfix/smtpd.key

#add the following:

smtpd_tls_key_file = /etc/ssl/private/certdomain.com.key
smtpd_tls_cert_file = /etc/ssl/private/certdomain.com.crt

#uncomment the next line if you want only SSL connections over SMTP
#(Postfix does not allow a trailing comment on the same line as a setting)
#smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/ssl/private/gd_bundle.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom

#end of editing main.cf

#restart postfix

/etc/init.d/postfix restart
The Following 4 Users Say Thank You to Azimuth For This Useful Post:
falko (12th September 2010), kevinlowrie (31st January 2012), peterguy (3rd July 2012), toby.latham (28th February 2013)
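
Before restarting Courier and Postfix, it helps to confirm that the key matches the issued certificate, that the certificate chains to the bundle, and that the key-bearing files are not accessible to other users (the `cat ... > certdomain.com.pem` step inherits the current umask). The script below is an added example, not part of the original post: the function names are hypothetical, the file names follow the post, and `make_demo_files` builds a constructed throwaway CA for a dry run.

```bash
#!/bin/sh
# Added example (not from the original post): sanity checks to run before
# restarting Courier/Postfix with the files created in the steps above.

# True if the private key in $2 belongs to the certificate in $1.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True if certificate $1 chains to the CA bundle $2 (gd_bundle.crt in the post).
chain_verifies() {
  openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# True if file $1 grants no permissions to "other" (it holds a private key).
not_world_accessible() {
  case "$(ls -ld "$1" 2>/dev/null)" in
    -??????---*) return 0 ;;
    *) return 1 ;;
  esac
}

# Run all checks against directory $1 (the post uses /etc/ssl/private).
check_mail_certs() {
  d=$1 rc=0
  key_matches_cert "$d/certdomain.com.crt" "$d/certdomain.com.key" || { echo "key/cert mismatch"; rc=1; }
  key_matches_cert "$d/certdomain.com.pem" "$d/certdomain.com.pem" || { echo "pem lacks matching cert+key"; rc=1; }
  chain_verifies "$d/certdomain.com.crt" "$d/gd_bundle.crt" || { echo "chain does not verify"; rc=1; }
  for f in certdomain.com.key certdomain.com.pem; do
    not_world_accessible "$d/$f" || { echo "$f is accessible to other users"; rc=1; }
  done
  return $rc
}

# Constructed throwaway CA and leaf in directory $1, named as in the post, for a dry run.
make_demo_files() {
  ( cd "$1" && umask 077 &&
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 2 -keyout ca.key -out gd_bundle.crt &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=certdomain.com" -keyout certdomain.com.key -out certdomain.com.csr &&
    openssl x509 -req -in certdomain.com.csr -CA gd_bundle.crt -CAkey ca.key -CAcreateserial -days 2 -out certdomain.com.crt &&
    cat certdomain.com.crt certdomain.com.key > certdomain.com.pem ) >/dev/null 2>&1
}

# Usage on the real files: check_mail_certs /etc/ssl/private
```

A non-zero return from `check_mail_certs` means at least one check failed; the printed lines say which.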