Monday, April 25, 2016

Install StartSSL Cert on Postfix

Remove the passphrase from the private key file:

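# Strip the passphrase so Postfix can load the key without operator input.
# The result is an unencrypted private key: write it under a restrictive umask
# and pin it to root-only access, since file permissions are now its only
# protection.
( umask 077 && openssl rsa -in xxx-multihost.key -out /etc/ssl/xxx.xxx.xxx/xxx-multihost.key.unencrypted )
chown root:root /etc/ssl/xxx.xxx.xxx/xxx-multihost.key.unencrypted
chmod 600 /etc/ssl/xxx.xxx.xxx/xxx-multihost.key.unencrypted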

copy 1_root_bundle from ApacheServer.zip to /etc/ssl/startssl-ca-bundle.pem
copy 2_blah from ApacheServer.zip to /etc/ssl/xxx.xxx.xxx/xxx-multihost.crt

In Postfix's main.cf:

# CA bundle copied from 1_root_bundle in ApacheServer.zip.
smtpd_tls_CAfile = /etc/ssl/startssl-ca-bundle.pem
# Server certificate copied from ApacheServer.zip.
smtpd_tls_cert_file = /etc/ssl/xxx.xxx.xxx/xxx-multihost.crt
# Passphrase-less private key produced by the openssl rsa step. File permissions
# are its only protection: keep it owned by root and unreadable by anyone else.
smtpd_tls_key_file = /etc/ssl/xxx.xxx.xxx/xxx-multihost.key.unencrypted

Restart Postfix: "service postfix restart"

test using:

http://www.checktls.com/perl/TestReceiver.pl?FULL

Install StartSSL Certificate on Dovecot IMAP Server

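# Fetch the StartSSL class 1 intermediate certificate. The download is plain
# HTTP, so nothing authenticates it in transit: print its SHA-256 fingerprint
# and compare it with a value obtained over a trusted channel before using it.
wget http://www.startssl.com/certs/sub.class1.server.ca.pem -O sub.class1.server.ca.pem
openssl x509 -noout -fingerprint -sha256 -in sub.class1.server.ca.pem

# Public chain presented to clients: server certificate first, then the
# intermediate. This file holds no secrets, so read-only for everyone is fine.
cat www_certificate.pem sub.class1.server.ca.pem > /etc/ssl/certs/dovecot.pem
chown root:root /etc/ssl/certs/dovecot.pem
chmod 444 /etc/ssl/certs/dovecot.pem

# Private key: mode 640, not 644 -- a world-readable key lets any local account
# copy it. install(1) sets owner, group and mode as the file is created, so the
# key does not sit in place under the default umask while awaiting a chmod.
install -o root -g ssl-cert -m 640 www_privatekey.pem /etc/ssl/private/dovecot.pem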

In /etc/dovecot/conf.d/10-ssl.conf

# Certificate chain file (server certificate followed by the intermediate).
# NOTE(review): Dovecot 2.x spells these settings `ssl_cert = </path` and
# `ssl_key = </path`; the `_file` names are the 1.x form -- confirm against the
# installed version.
ssl_cert_file = /etc/ssl/certs/dovecot.pem

# Private key file. It must not be world-readable (e.g. root:ssl-cert, mode 640).
ssl_key_file = /etc/ssl/private/dovecot.pem

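# Check the IMAPS endpoint against the StartSSL root certificate.
# A private mktemp directory replaces the predictable /tmp/ca.pem path, which
# another local user could pre-create or symlink on a shared host.
ca_dir=$(mktemp -d)

# The root is fetched over plain HTTP, so it is only as trustworthy as the
# network path: compare the printed fingerprint with one from a trusted source
# before relying on the verification result.
wget http://www.startssl.com/certs/ca.pem -O "$ca_dir/ca.pem"
openssl x509 -noout -fingerprint -sha256 -in "$ca_dir/ca.pem"

# s_client completes the handshake even when chain verification fails; read the
# "Verify return code" line in its output (0 (ok) means the chain validated).
openssl s_client -CAfile "$ca_dir/ca.pem" -connect mail.example.org:993

rm -rf -- "$ca_dir"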