SSL and perfect installation

Discussion in 'Installation/Configuration' started by joeinazusa, Dec 24, 2006.

  1. joeinazusa

    joeinazusa New Member

    This is a general questions, I was installing ISPconfig on Centos, then Ubuntu.

    When it gets to the SSL portion I am confused.

    Is the key generated needing a password and are there any security issues related to this? The guides have the instructions but nothing in the way of if a password should or should not be used....

    Is this key for the server itself and should I regenerate this if the hostname changes? Should I change it if this server is redistributed vi VMWARE?

    Is this SSL key related at all to the SSL's of the domain email account or webpages, IE I wanted to use some verisigned keys instead of just by the server or CACERT.

    Thanks for all the help.


    Joe
     
  2. falko

    falko Super Moderator ISPConfig Developer

    Don't encrypt the keys! http://www.ispconfig.org/manual_installation.htm

    The certificate is only for the ISPConfig web interface (if you choose to use HTTPS instead of HTTP later during the installation) and therefore has no effect on your web sites.
     
  3. joeinazusa

    joeinazusa New Member

    Thanks for the reply,

    My question now is why in the perfect installation of CENTOS and UBUNTU are the following instructions added. If ISPCONFIG handles this SSL communication, then why go through this process.

    Thanks!!!

    Joe

    mkdir /etc/postfix/ssl
    cd /etc/postfix/ssl/
    openssl genrsa -des3 -rand /etc/hosts -out smtpd.key 1024
    chmod 600 smtpd.key
    openssl req -new -key smtpd.key -out smtpd.csr
    openssl x509 -req -days 3650 -in smtpd.csr -signkey smtpd.key -out smtpd.crt
    openssl rsa -in smtpd.key -out smtpd.key.unencrypted
    mv -f smtpd.key.unencrypted smtpd.key
    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    These instructions are for creating the SSL certidicates for postfix mailserver and not for the ISPConfig apache webserver on port 81.
     

Share This Page