Archive for the month: January 2016

Renewing the certificate for Postfix and Dovecot under ISPConfig

Change to the tmp directory

cd /tmp

Create the key

openssl genrsa -des3 -out srv02.linux-welten.de.key 2048

Enter the passphrase

Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
Verifying - Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase

Create the CSR

openssl req -new -key srv02.linux-welten.de.key -out srv02.linux-welten.de.csr

Answer the questions

Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:THUERINGEN
Locality Name (eg, city) []:BAD LIEBENSTEIN
Organization Name (eg, company) []:Linux Welten
Organizational Unit Name (eg, section) []:Technik
Common Name (e.g. server FQDN or YOUR name) []:srv02.linux-welten.de
Email Address []:----@linux-welten.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Create the certificate (CRT)

openssl x509 -req -days 365 -in srv02.linux-welten.de.csr -signkey srv02.linux-welten.de.key -out srv02.linux-welten.de.crt

Enter the passphrase

Signature ok
subject=/C=DE/ST=THUERINGEN/L=BAD LIEBENSTEIN/OU=Technik/CN=srv02.linux-welten.de/emailAddress=----@linux-welten.de
Getting Private key
Enter pass phrase for srv02.linux-welten.de.key

Remove the passphrase from the RSA key

openssl rsa -in srv02.linux-welten.de.key -out srv02.linux-welten.de.key.nopass

Rename

mv srv02.linux-welten.de.key.nopass srv02.linux-welten.de.key

Create the PEM files

openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650

Answer the questions

Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:THUERINGEN
Locality Name (eg, city) []:BAD LIEBENSTEIN
Organization Name (eg, company) []:Linux Welten
Organizational Unit Name (eg, section) []:Technik
Common Name (e.g. server FQDN or YOUR name) []:srv02.linux-welten.de
Email Address []:----@linux-welten.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Move the files to the correct location, back up the old files, restart Postfix

cd /etc/postfix/
mv smtpd.cert smtpd.cert.old
mv smtpd.key smtpd.key.old
cp -a /tmp/srv02.linux-welten.de.crt ./
cp -a /tmp/srv02.linux-welten.de.key ./
mv srv02.linux-welten.de.crt ./smtpd.cert
mv srv02.linux-welten.de.key ./smtpd.key
chmod 600 ./smtpd.cert
chmod 600 ./smtpd.key
/etc/init.d/postfix restart

If the system was installed following the Perfect Server HowTo, Dovecot uses the same certificates. Check this:

vim /etc/dovecot/dovecot.conf

Look for the certificate path settings

ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key

If the path is correct, restart Dovecot

/etc/init.d/dovecot restart
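
A pre-flight check for the renewed pair, as an added example that is not part of the original post: it confirms that the key no longer needs a passphrase, that the certificate belongs to the key, and that the certificate is not about to expire. The function names and return codes are hypothetical; only standard openssl subcommands are used.

```sh
#!/bin/sh
# Added example (not from the original post): pre-flight checks for the
# certificate/key pair before it replaces smtpd.cert and smtpd.key.
# Function names and return codes are hypothetical.

# Public key embedded in the certificate, as PEM.
cert_pubkey() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Public half of the private key, as PEM. "-passin pass:" and stdin from
# /dev/null make a passphrase-protected key fail instead of prompting.
key_pubkey() {
    openssl pkey -in "$1" -pubout -passin pass: 2>/dev/null </dev/null
}

# check_pair CERT KEY [MIN_DAYS]
#   0 = usable
#   1 = key unreadable or still passphrase-protected
#   2 = certificate unreadable or does not belong to the key
#   3 = certificate expires within MIN_DAYS (default 7)
check_pair() {
    cert=$1; key=$2; min_days=${3:-7}
    key_pk=$(key_pubkey "$key") || return 1
    [ -n "$key_pk" ] || return 1
    cert_pk=$(cert_pubkey "$cert") || return 2
    [ "$key_pk" = "$cert_pk" ] || return 2
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
        >/dev/null 2>&1 || return 3
    return 0
}

# Command-line use: sh check_pair.sh CERT KEY [MIN_DAYS]
if [ "$#" -ge 2 ]; then
    rc=0
    check_pair "$@" || rc=$?
    case $rc in
        0) echo "OK: certificate and key match" ;;
        1) echo "FAIL: key unreadable or passphrase-protected" ;;
        2) echo "FAIL: certificate does not match key" ;;
        3) echo "FAIL: certificate expires too soon" ;;
    esac
    exit "$rc"
fi
```

Run it against /etc/postfix/smtpd.cert and /etc/postfix/smtpd.key before restarting Postfix and Dovecot; a non-zero result means the old files should be restored first.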