Rocky, Alma, Springdale 9 QT Install and Certificate: Difference between pages
(Difference between pages)
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
<u>'''Security Certificate'''</u> | |||
To configure a SSL certificate for TLS and/or SSL over SMTP: | |||
# Abstract: Create Certificate | |||
#; Generate key | |||
#; Generate signing request | |||
#; Sign the key | |||
#; Create server certificate | |||
#; Set permission | |||
#; Set owner | |||
#; Copy into place | |||
#; Restart services | |||
## Self-Signed Certificate | |||
##; openssl genrsa -out x.key 2048 | |||
##; openssl req -new -key x.key -out x.csr | |||
##; openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt | |||
##; cat x.crt x.key > servercert.pem | |||
##; chmod 644 servercert.pem | |||
##; chown root<nowiki>:</nowiki>qmail servercert.pem | |||
##; cp -p servercert.pem /var/qmail/control | |||
## Let's Encrypt CentOS 7/8 (Automatic, assumes working web server) | |||
##; yum install python-certbot-apache | |||
##; certbot -apache -d mydomain.com -d mail.mydomain.com | |||
##: Add to Apache Virtual | |||
##: SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem | |||
##: SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem | |||
##: SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem | |||
##: Add to Dovecot CentOS 6 & 7/8 | |||
##; ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem | |||
##; ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem | |||
##: Add to Qmail CentOS 6 & 7/8 | |||
##; cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak | |||
##; cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem | |||
##; Springdale, Rocky, Alma Linux 9 may need the private key last | |||
##: cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem |
Revision as of 11:10, 20 March 2024
Security Certificate
To configure a SSL certificate for TLS and/or SSL over SMTP:
- Abstract: Create Certificate
- Generate key
- Generate signing request
- Sign the key
- Create server certificate
- Set permission
- Set owner
- Copy into place
- Restart services
- Self-Signed Certificate
- openssl genrsa -out x.key 2048
- openssl req -new -key x.key -out x.csr
- openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
- cat x.crt x.key > servercert.pem
- chmod 644 servercert.pem
- chown root:qmail servercert.pem
- cp -p servercert.pem /var/qmail/control
- Let's Encrypt CentOS 7/8 (Automatic, assumes working web server)
- yum install python-certbot-apache
- certbot -apache -d mydomain.com -d mail.mydomain.com
- Add to Apache Virtual
- SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
- SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
- SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
- Add to Dovecot CentOS 6 & 7/8
- ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
- ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
- Add to Qmail CentOS 6 & 7/8
- cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
- cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem
- Springdale, Rocky, Alma Linux 9 may need the private key last
- cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem