Rocky, Alma, Springdale 9 QT Install and Certificate: Difference between pages

From QmailToaster
(Difference between pages)
Line 1: Line 1:
=CentOS Linux 9 Minimal Install=
<u>'''Security Certificate'''</u>
==QMT Install ('Many-Domain')==
<nowiki>#</nowiki> curl -o /usr/local/bin/qt_prep.sh https://raw.githubusercontent.com/qmtoaster/scripts/master/qt_install_cos9.sh
<nowiki>#</nowiki> chmod 755 /usr/local/bin/qt_prep.sh && qt_prep.sh (reboot)
<nowiki>#</nowiki> qt_install.sh
<nowiki>#</nowiki> toaststat
<pre>
Status of toaster services
send: up (pid 1323) 1517 seconds
smtp: up (pid 1324) 1517 seconds
submission: up (pid 1325) 1517 seconds
send/log: up (pid 1316) 1517 seconds
smtp/log: up (pid 1311) 1517 seconds
submission/log: up (pid 1314) 1517 seconds


systemd service:              clamd@scan:      [ OK ]
To configure a SSL certificate for TLS and/or SSL over SMTP:
systemd service:        clamav-freshclam:      [ OK ]
systemd service:            spamassassin:      [ OK ]
systemd service:                  dovecot:      [ OK ]
systemd service:                  mariadb:      [ OK ]
systemd service:                    httpd:      [ OK ]
systemd service:                    named:      [ OK ]
systemd service:                    ntpd:      [ OK ]
systemd service:                    sshd:      [ OK ]
systemd service:                  network:      [ OK ]
systemd service:                    crond:      [ OK ]
systemd service:                    acpid:      [ OK ]
systemd service:                      atd:      [ OK ]
systemd service:                  autofs:      [ OK ]
systemd service:                  smartd:      [ OK ]
systemd service:              irqbalance:      [ OK ] (Multiple processors only)
</pre>
<nowiki>#</nowiki> conntest
<pre>
Enter a valid remote email account to which QMT will send mail: <email address>
IMAPS: postmaster@domain.tld --> success
Submission: postmaster@domain.tld --> success
SMTPS: postmaster@domain.tld --> success
</pre>


[https://qmailtoaster.org/scanners.html Scanners]
# Abstract: Create Certificate
Qmail-1.03-3.3.7 (Implements TLSv1.3)
#; Generate key
[https://github.com/qmtoaster/patches/tree/master/cos8/3.3.7 Patches] applied
#; Generate signing request
#; Sign the key
#; Create server certificate
#; Set permission
#; Set owner
#; Copy into place
#; Restart services
## Self-Signed Certificate
##; openssl genrsa -out x.key 2048
##; openssl req -new -key x.key -out x.csr
##; openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
##; cat x.crt x.key > servercert.pem
##; chmod 644 servercert.pem
##; chown root<nowiki>:</nowiki>qmail servercert.pem
##; cp -p servercert.pem /var/qmail/control
## Let's Encrypt CentOS 7/8 (Automatic, assumes working web server)
##; yum install python-certbot-apache
##; certbot -apache -d mydomain.com -d mail.mydomain.com
##: Add to Apache Virtual
##: SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
##: SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
##: SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
##: Add to Dovecot CentOS 6 & 7/8
##; ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
##; ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
##: Add to Qmail CentOS 6 & 7/8
##; cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
##; cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem
##; Springdale, Rocky, Alma Linux 9 may need the private key last
##: cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem
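
Review bot: `chmod 644 servercert.pem` in the Self-Signed Certificate steps leaves a file that holds the private key (it is built with `cat x.crt x.key > servercert.pem`) readable by every local account. Since the next step sets the owner to root:qmail, consider `chmod 640` if every service that loads the file runs as root or in the qmail group, and set the mode explicitly after the Let's Encrypt `cat ... > /var/qmail/control/servercert.pem` steps too, which set no mode of their own. Separately, `certbot -apache` is written with a single dash; the certbot option is `--apache`.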

Revision as of 11:10, 20 March 2024

Security Certificate

To configure an SSL certificate for TLS and/or SSL over SMTP:

  1. Abstract: Create Certificate
    Generate key
    Generate signing request
    Sign the key
    Create server certificate
    Set permission
    Set owner
    Copy into place
    Restart services
    1. Self-Signed Certificate
      openssl genrsa -out x.key 2048
      openssl req -new -key x.key -out x.csr
      openssl x509 -req -days 3650 -in x.csr -signkey x.key -out x.crt
      cat x.crt x.key > servercert.pem
      chmod 644 servercert.pem
      chown root:qmail servercert.pem
      cp -p servercert.pem /var/qmail/control
    2. Let's Encrypt CentOS 7/8 (Automatic, assumes working web server)
      yum install python-certbot-apache
      certbot --apache -d mydomain.com -d mail.mydomain.com
      Add to Apache Virtual Host:
      SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
      Add to Dovecot (CentOS 6 & 7/8):
      ssl_cert = </etc/letsencrypt/live/mydomain.com/fullchain.pem
      ssl_key = </etc/letsencrypt/live/mydomain.com/privkey.pem
      Add to Qmail (CentOS 6 & 7/8):
      cp -p /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem.bak
      cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /var/qmail/control/servercert.pem
      Springdale, Rocky, Alma Linux 9 may need the private key last:
      cat /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/letsencrypt/live/mydomain.com/privkey.pem > /var/qmail/control/servercert.pem
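
Added example (not part of the original wiki page or of QmailToaster's own scripts): a shell check for the combined servercert.pem built in the steps above. It reports the PEM block order (key first or key last), whether the key matches the first certificate, and whether the file is readable by all users, as `chmod 644` leaves it. The function names are hypothetical and `openssl` is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not QmailToaster tooling.
# Usage after sourcing: check_servercert /var/qmail/control/servercert.pem

# Print the PEM block order of a file, e.g. "cert cert key".
pem_order() {
    awk '/^-----BEGIN .*PRIVATE KEY-----/ { printf "%skey", sep; sep = " "; next }
         /^-----BEGIN CERTIFICATE-----/   { printf "%scert", sep; sep = " " }
         END { print "" }' "$1"
}

# Where the private key sits among the blocks: first, last, middle or none.
key_position() {
    case "$(pem_order "$1")" in
        key|"key "*) echo first ;;
        *" key")     echo last ;;
        *" key "*)   echo middle ;;
        *)           echo none ;;
    esac
}

# True when "other" users may read the file, as after chmod 644.
world_readable() {
    case "$(ls -ld "$1")" in
        ???????r*) return 0 ;;
        *)         return 1 ;;
    esac
}

# True when the first certificate and the private key share one public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Print findings for one combined file; non-zero status if it is unusable.
check_servercert() {
    f=$1; rc=0
    echo "block order: $(pem_order "$f") (key $(key_position "$f"))"
    case "$(pem_order "$f")" in
        *cert*key*|*key*cert*) ;;
        *) echo "FAIL: need a certificate and a private key in $f"; rc=1 ;;
    esac
    key_matches_cert "$f" || { echo "FAIL: key does not match first certificate"; rc=1; }
    if world_readable "$f"; then echo "WARN: private key readable by all local users"; fi
    return $rc
}
```

Run it after each renewal, before restarting services, so a mismatched or misordered file is caught while the `.bak` copy is still at hand.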