Debian Guides
|
|
Setting up SSL Certificates
This is very simple. The first step is to create a self-signed key
openssl req -new -x509 -nodes -out
/var/imap/domain1.com/domain1.com.pem -keyout
/var/imap/domain1.com/domain1.com.pem -days 999
NOTE: Make sure that you fill in the server's FQD (e.g.
mail.domain1.com) for "common name" or mail clients will complain! Now
add Diffie-Hellman support:
openssl gendh 512 >>/var/imap/domain1.com/domain1.com.pem
And now check that it looks the way you expect it to:
openssl x509 -subject -dates -fingerprint -noout -in
/var/imap/domain1.com/domain1.com.pem
Repeat for each virtual domain. Now we need to tell Cyrus where it's
keys are. So edit /etc/postfix/main.cf, and add the following
lines to the end:
tls_cert_file: /var/imap/domain1.com/domain1.com.pem
tls_key_file: /var/imap/domain1.com/domain1.com.pem
And repeate for each virtual domain. Now make sure you have the imaps
and/or pop3s lines in cyrus.conf there and uncommented, restart Cyrus
and you're all set!
That brings us to the next section.
Also check out:
http://www.madboa.com/geek/openssl/#intro-ciphers
Web site and all contents ©
Copyright Jon Flagg 2006-2007, All rights reserved.
Free
website templates
|
|
