Fedora 10
Sponsored Link

Configure SSL
2008/12/14
  Configure for SSL in order to encrypt datas in connection.
[root@mail ~]#
cd /etc/pki/tls/certs

[root@mail certs]#
make server.key

umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key

Generating RSA private key, 1024 bit long modulus
......................................................++++++
.............++++++
e is 63295 (0x10001)
Enter pass phrase:
# set passphrase

Verifying - Enter pass phrase:
# verify

[root@mail certs]#

[root@mail certs]#
openssl rsa -in server.key -out server.key

Enter pass phrase for server.key:
# input passphrase

writing RSA key
[root@mail certs]#
[root@mail certs]#
make server.csr

umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
JP

State or Province Name (full name) [Berkshire]:
Hiroshima

Locality Name (eg, city) [Newbury]:
Hiroshima

Organization Name (eg, company) [My Company Ltd]:
Server Linux

Organizational Unit Name (eg, section) []:
IT Solution

Common Name (eg, your server's hostname) []:
mail.srv.world

Email Address []:
root@srv.world

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
# Enter

An optional company name []:
# Enter

[root@mail certs]#
[root@mail certs]#
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650

Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=Server Linux/OU=IT Solution/CN=mail.srv.world/emailAddress=root@srv.world Getting Private key
[root@mail certs]#
chmod 400 server.*

[root@mail certs]#
[root@mail certs]#
vi /etc/postfix/main.cf


# add at the bottom

smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache


[root@mail certs]#
vi /etc/postfix/master.cf


# line 17-19: uncomment

smtps       inet   n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes

[root@mail certs]#
vi /etc/dovecot.conf


# line 84: uncomment

ssl_disable = no

# line 90,91: uncomment and specify certificate

ssl_cert_file =
/etc/pki/tls/certs/server.crt


ssl_key_file =
/etc/pki/tls/certs/server.key


[root@mail certs]#
/etc/rc.d/init.d/postfix restart

Shutting down postfix:
[ OK ]

Starting postfix:
[ OK ]

[root@mail certs]#
/etc/rc.d/init.d/dovecot restart

Stopping Dovecot Imap:
[ OK ]

Starting Dovecot Imap:
[ OK ]

Configure on client. Change settings like following example.
 
Run send/receive email on Outlook Express, then following warning is shown because certificate file is not installed in your system. It's no ploblem. Click 'Yes' to Proceed.
 
Matched Content
 
Tweet