|
Configure SSL
|
| Configure for SSL in order to encrypt datas in connection. |
|
[root@mail ~]# cd /etc/pki/tls/certs [root@mail certs]# make server.key umask 77 ; \ /usr/bin/openssl genrsa -des3 1024 > server.key Generating RSA private key, 1024 bit long modulus ......................................................++++++ .............++++++ e is 63295 (0x10001) Enter pass phrase: # set passphrase Verifying - Enter pass phrase: # verify [root@mail certs]# [root@mail certs]# openssl rsa -in server.key -out server.key Enter pass phrase for server.key: # input passphrase writing RSA key [root@mail certs]# [root@mail certs]# make server.csr umask 77 ; \ /usr/bin/openssl req -utf8 -new -key server.key -out server.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [GB]: JP State or Province Name (full name) [Berkshire]: Hiroshima Locality Name (eg, city) [Newbury]: Hiroshima Organization Name (eg, company) [My Company Ltd]: Server Linux Organizational Unit Name (eg, section) []: IT Solution Common Name (eg, your server's hostname) []: mail.srv.world Email Address []: root@srv.world Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: # Enter An optional company name []: # Enter [root@mail certs]# [root@mail certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 Signature ok subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=Server Linux/OU=IT Solution/CN=mail.srv.world/emailAddress=root@srv.world Getting Private key [root@mail certs]# chmod 400 server.* [root@mail certs]# [root@mail certs]# vi /etc/postfix/main.cf # add at the bottom smtpd_use_tls = yes smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt smtpd_tls_key_file = /etc/pki/tls/certs/server.key smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache [root@mail certs]# vi /etc/postfix/master.cf # line 17-19: uncomment smtps inet n - n - - smtpd -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes [root@mail certs]# vi /etc/dovecot.conf # line 84: uncomment ssl_disable = no # line 90,91: uncomment and specify certificate ssl_cert_file = /etc/pki/tls/certs/server.crt ssl_key_file = /etc/pki/tls/certs/server.key [root@mail certs]# /etc/rc.d/init.d/postfix restart Shutting down postfix: [ OK ] Starting postfix: [ OK ] [root@mail certs]# /etc/rc.d/init.d/dovecot restart Stopping Dovecot Imap: [ OK ] Starting Dovecot Imap: [ OK ] |
| Configure on client. Change settings like following example. | |
|
| Run send/receive email on Outlook Express, then following warning is shown because certificate file is not installed in your system. It's no ploblem. Click 'Yes' to Proceed. | |
|