HOW TO: Configure Godaddy Cert for Mail SSL
Here's a quick and dirty instruction set to add a GoDaddy cert (with its intermediate bundle file) to your mail server. Admins, please feel free to clean this up.
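# Create the private key and the CSR.
# -nodes writes the key without a passphrase so the mail daemons can load it
# unattended; file permissions are therefore the key's only protection.
cd /etc/ssl/private
# The subshell keeps the restrictive umask from leaking into the rest of the
# session, so the key is created owner-only whatever the openssl build's
# default file mode is.
(
  umask 077
  openssl req -newkey rsa:2048 -nodes -keyout certdomain.com.key -out certdomain.com.csr
)
# An existing key file keeps its old mode when overwritten, so set it explicitly.
chmod 600 certdomain.com.key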
#Submit CSR to CA
# Write gd_bundle.crt: replace the placeholder line with the contents of the
# current GoDaddy bundle file.
# The quoted delimiter stops the shell from expanding anything in the body;
# tee also echoes what it wrote, which makes the paste easy to eyeball.
tee /etc/ssl/private/gd_bundle.crt <<-'EOA'
-----BEGIN CERTIFICATE-----
(the contents of your gd_bundle.crt file)
-----END CERTIFICATE-----
EOA
# Write certdomain.com.crt: replace the placeholder line with the newly
# issued certificate for the domain.
# The quoted delimiter stops the shell from expanding anything in the body;
# tee also echoes what it wrote to the terminal.
tee /etc/ssl/private/certdomain.com.crt <<-'EOA'
-----BEGIN CERTIFICATE-----
(the contents of your domain.crt file)
-----END CERTIFICATE-----
EOA
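# Build the combined PEM (certificate first, then private key) that the
# Courier TLS_CERTFILE setting points at.
# This file contains the unencrypted private key, so create it owner-only;
# the subshell limits the umask change to this one command.
(
  umask 077
  cat /etc/ssl/private/certdomain.com.crt /etc/ssl/private/certdomain.com.key \
    > /etc/ssl/private/certdomain.com.pem
)
# An existing PEM keeps its old mode when overwritten, so set it explicitly.
chmod 600 /etc/ssl/private/certdomain.com.pem
# NOTE(review): if Courier's TLS helper does not run as the file's owner,
# chown the PEM to that account rather than widening the mode - confirm on
# your system.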
# Edit /etc/courier/imapd-ssl and pop3d-ssl and set the two values below in
# each file (these are configuration settings, not commands to run).
# TLS_CERTFILE: the combined certificate + private key PEM built above.
# It holds the unencrypted key, so it should not be readable by other users.
TLS_CERTFILE=/etc/ssl/private/certdomain.com.pem
# TLS_TRUSTCERTS: the GoDaddy bundle written above.
# NOTE(review): whether clients are sent the intermediates from this file
# depends on the Courier/OpenSSL build - check the "Certificate chain"
# section of the s_client output after restarting.
TLS_TRUSTCERTS=/etc/ssl/private/gd_bundle.crt
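# Restart both Courier TLS listeners so they pick up the new settings.
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
# Test both services that were reconfigured: IMAPS (993) and POP3S (995).
# In the output, check that the "Certificate chain" section lists the
# intermediate(s) as well as the server certificate, and that the summary
# ends with "Verify return code: 0 (ok)". A non-zero code means the chain
# did not validate against the bundle (assumes gd_bundle.crt includes the
# root certificate - confirm).
# </dev/null ends the session after the handshake instead of waiting for input.
openssl s_client -connect 127.0.0.1:993 -CAfile /etc/ssl/private/gd_bundle.crt </dev/null
openssl s_client -connect 127.0.0.1:995 -CAfile /etc/ssl/private/gd_bundle.crt </dev/null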
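### Enable TLS in Postfix.
# Edit /etc/postfix/main.cf.
# main.cf has no trailing comments: '#' only starts a comment at the
# beginning of a line, so every note below sits on a line of its own.
# Comment out the existing lines:
#smtpd_tls_cert_file = /etc/postfix/smtpd.cert
#smtpd_tls_key_file = /etc/postfix/smtpd.key
# Add the following.
# The key file is unencrypted; keep it readable by root only.
smtpd_tls_key_file = /etc/ssl/private/certdomain.com.key
smtpd_tls_cert_file = /etc/ssl/private/certdomain.com.crt
# Uncomment the next line to offer and accept SMTP AUTH only on
# TLS-protected sessions, so passwords never cross the wire in clear text.
# It does not make TLS mandatory for mail delivery.
#smtpd_tls_auth_only = yes
smtpd_tls_CAfile = /etc/ssl/private/gd_bundle.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# NOTE(review): these settings only take effect if TLS is switched on
# elsewhere in main.cf (smtpd_tls_security_level, or smtpd_use_tls on older
# releases) - confirm it is already set.
# NOTE(review): Postfix's TLS documentation recommends placing the
# intermediate certificates in smtpd_tls_cert_file after the server
# certificate; check that the chain served to clients is complete.
# End of main.cf edits.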
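# Let Postfix report the configuration and permission problems it can detect
# before restarting, so a broken main.cf does not take the running service down.
postfix check && /etc/init.d/postfix restart
# Confirm STARTTLS is offered on the SMTP port and inspect the chain served:
# look for the intermediate(s) under "Certificate chain" and for
# "Verify return code: 0 (ok)" (assumes gd_bundle.crt includes the root
# certificate - confirm).
# </dev/null ends the session after the handshake instead of waiting for input.
openssl s_client -connect 127.0.0.1:25 -starttls smtp -CAfile /etc/ssl/private/gd_bundle.crt </dev/null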