HOW TO: Configure Godaddy Cert for Mail SSL

Discussion in 'Tips/Tricks/Mods' started by Azimuth, Sep 12, 2010.

  1. Azimuth

    Azimuth New Member

    Here's a quick and dirty instruction set to add a Godaddy cert (with intermediary file) to your mail server. Admins, please feel free to clean this up.

    # create CSR and KEY
    cd /etc/ssl/private
    openssl req -newkey rsa:2048 -nodes -keyout -out

    #Submit CSR to CA

    #create gd_bundle.crt (replace with current)

    tee /etc/ssl/private/gd_bundle.crt <<-\EOA
    (the contents of your gd_bundle.crt file)
    -----END CERTIFICATE-----
    EOA

    #create (replace with new cert)

    tee /etc/ssl/private/ <<-\EOA
    (the contents of your domain.crt file)
    -----END CERTIFICATE-----
    EOA


    cat /etc/ssl/private/ /etc/ssl/private/ > /etc/ssl/private/

    #Edit /etc/courier/imapd-ssl and pop3d-ssl


    #restart imapd-ssl and pop3dssl

    /etc/init.d/courier-imap-ssl restart
    /etc/init.d/courier-pop-ssl restart


    openssl s_client -host -port 993

    ###GET TLS on postfix.

    #edit /etc/postfix/
    #comment out existing lines:
    #smtpd_tls_cert_file = /etc/postfix/smtpd.cert
    #smtpd_tls_key_file = /etc/postfix/smtpd.key

    #add the following:

    smtpd_tls_key_file = /etc/ssl/private/
    smtpd_tls_cert_file = /etc/ssl/private/

    #smtpd_tls_auth_only = yes #uncomment if you want only SSL connections over SMTP
    smtpd_tls_CAfile = /etc/ssl/private//gd_bundle.crt
    smtpd_tls_loglevel = 1
    smtpd_tls_received_header = yes
    smtpd_tls_session_cache_timeout = 3600s
    tls_random_source = dev:/dev/urandom

    #end of editing

    #restart postfix

    /etc/init.d/postfix restart
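
Added example, not part of the original posts: a structural sanity check for the combined key + certificate + bundle file that the `cat` step above produces, catching a missing newline between concatenated files, a truncated paste, a missing intermediate, and file modes that expose the private key. The names `check_combined_pem` and `demo` are hypothetical, the sample blocks are constructed rather than real key material, and the check does not prove that the key matches the certificate.

```python
import base64, os, re, stat, tempfile

# One PEM block: BEGIN <label>, body, END <same label>
BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n.*?\n-----END \1-----", re.S)

def check_combined_pem(path):
    """Return a list of structural problems in a key + cert + chain PEM file."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the private key
        problems.append("mode %o is readable beyond the owner" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        text = fh.read().replace("\r\n", "\n")
    # cat of a file that lacks a trailing newline fuses two marker lines
    if re.search(r"-----END [A-Z0-9 ]+-----[ \t]*-----BEGIN ", text):
        problems.append("END and BEGIN markers share one line")
    labels = BLOCK.findall(text)
    if text.count("-----BEGIN ") != len(labels):
        problems.append("a BEGIN marker has no matching END (truncated paste?)")
    if sum(l.endswith("PRIVATE KEY") for l in labels) != 1:
        problems.append("expected exactly one private key block")
    if labels.count("CERTIFICATE") < 2:
        problems.append("fewer than two certificates: intermediate missing")
    return problems

def _pem(label, payload):
    # Constructed sample block: valid PEM framing, payload is not key material
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN %s-----\n%s\n-----END %s-----" % (label, b64, label)

def demo():
    key = _pem("PRIVATE KEY", b"constructed key")
    leaf = _pem("CERTIFICATE", b"constructed leaf")
    ca = _pem("CERTIFICATE", b"constructed intermediate")
    cases = {"good": ("\n".join([key, leaf, ca]) + "\n", 0o600),
             "bad": (key + "\n" + leaf + ca, 0o644)}  # fused markers, loose mode
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (text, mode) in cases.items():
            path = os.path.join(d, name + ".pem")
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, mode)
            results[name] = check_combined_pem(path)
    return results

if __name__ == "__main__":
    print(demo())
```
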
  2. Chris Stenton

    Chris Stenton New Member

    There is no information out there for sendmail and godaddy SSL. Their tech support does not know how to do it ... this is what I did.

    openssl req -new -newkey rsa:2048 -utf8 -verify -nodes -out tls-cert.csr -keyout tls-cert-private.key

    send tls-cert.csr to godaddy

    config for sendmail
    define(`confCACERT_PATH', `/etc/mail/certs/godaddy/')dnl
    define(`confCACERT', `/etc/mail/certs/godaddy/CA.cert.pem')dnl
    define(`confSERVER_CERT', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
    define(`confSERVER_KEY', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
    define(`confCLIENT_CERT', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
    define(`confCLIENT_KEY', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
    define(`confCRL', `/etc/mail/certs/godaddy/CA.cert.pem')dnl

    Pull two versions of the certificate from godaddy - APACHE and Exchange.

    Get the public cert from the Apache zip file; I've called it "tls-cert.crt".
    Combine it with the private key you used.
    cat tls-cert-private.key tls-cert.crt > tls-cert-public.pem
    Now get the intermediate file from the Exchange zip file; should be

    convert it to pem via
    now copy that over as CA.cert.pem

    chmod 0600 *.*

    restart sendmail
    Use this to test to see it all works
