Change to the tmp directory

    cd /tmp
Create the key

    openssl genrsa -des3 -out srv02.linux-welten.de.key 2048

Enter the passphrase

    Generating RSA private key, 2048 bit long modulus
    e is 65537 (0x10001)
    Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
    Verifying - Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
Create the CSR

    openssl req -new -key srv02.linux-welten.de.key -out srv02.linux-welten.de.csr
Answer the questions

    Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:DE
    State or Province Name (full name) [Some-State]:THUERINGEN
    Locality Name (eg, city) []:BAD LIEBENSTEIN
    Organization Name (eg, company) []:Linux Welten
    Organizational Unit Name (eg, section) []:Technik
    Common Name (e.g. server FQDN or YOUR name) []:srv02.linux-welten.de
    Email Address []:----@linux-welten.de

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
Create the certificate (crt)

    openssl x509 -req -days 365 -in srv02.linux-welten.de.csr -signkey srv02.linux-welten.de.key -out srv02.linux-welten.de.crt
Enter the passphrase

    Signature ok
    subject=/C=DE/ST=THUERINGEN/L=BAD LIEBENSTEIN/OU=Technik/CN=srv02.linux-welten.de/emailAddress=----@linux-welten.de
    Getting Private key
    Enter pass phrase for srv02.linux-welten.de.key
Remove the passphrase from the key (openssl rsa)

    openssl rsa -in srv02.linux-welten.de.key -out srv02.linux-welten.de.key.nopass
Rename

    mv srv02.linux-welten.de.key.nopass srv02.linux-welten.de.key
Create the PEM files

    openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Answer the questions

    Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:DE
    State or Province Name (full name) [Some-State]:THUERINGEN
    Locality Name (eg, city) []:BAD LIEBENSTEIN
    Organization Name (eg, company) []:Linux Welten
    Organizational Unit Name (eg, section) []:Technik
    Common Name (e.g. server FQDN or YOUR name) []:srv02.linux-welten.de
    Email Address []:----@linux-welten.de

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
Move the files to the right place, back up the old files, restart Postfix

    cd /etc/postfix/
    # back up the certificate and key currently in use
    mv smtpd.cert smtpd.cert.old
    mv smtpd.key smtpd.key.old
    # the new files were created in /tmp in the first step
    cp -a /tmp/srv02.linux-welten.de.crt ./
    cp -a /tmp/srv02.linux-welten.de.key ./
    mv srv02.linux-welten.de.crt ./smtpd.cert
    mv srv02.linux-welten.de.key ./smtpd.key
    # readable by the owner only
    chmod 600 ./smtpd.cert
    chmod 600 ./smtpd.key
    /etc/init.d/postfix restart
If the system was installed following the Perfect Server HowTo, Dovecot uses the same certificates. Check:

    vim /etc/dovecot/dovecot.conf
Look for the certificate path settings

    ssl_cert = </etc/postfix/smtpd.cert
    ssl_key = </etc/postfix/smtpd.key
If the paths are correct, restart Dovecot

    /etc/init.d/dovecot restart
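
A check worth running before the two restarts, as an added example that is not part of the original how-to: it verifies that the key is no longer passphrase-protected, that key and certificate belong together, and that the certificate is not about to expire. The function name `check_tls_pair`, its return codes and the 30-day default are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pre-restart check for the Postfix/Dovecot certificate pair.
# check_tls_pair is a hypothetical helper name, not part of Postfix or OpenSSL.
# Return codes (chosen for this example):
#   0 ok, 1 file unreadable or unparsable, 2 key still encrypted,
#   3 key does not belong to the certificate, 4 expires within N days.

check_tls_pair() {
    local cert="$1" key="$2" days="${3:-30}"
    local cert_pub key_pub

    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read $cert or $key" >&2; return 1; }

    # The daemons cannot prompt for a passphrase at start-up, so the key must
    # be stored unencrypted. Both PEM encryption formats (Proc-Type header and
    # PKCS#8 "ENCRYPTED PRIVATE KEY") contain the word ENCRYPTED.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "$key is still passphrase-protected" >&2
        return 2
    fi

    # Compare the public key embedded in the certificate with the public key
    # derived from the private key; for a matching pair they are identical.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not match $cert" >&2
        return 3
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "$cert expires within $days days" >&2
        return 4
    fi
    echo "ok: $cert and $key match, valid for more than $days days"
}

# Stand-alone use: ./check_tls_pair.sh /etc/postfix/smtpd.cert /etc/postfix/smtpd.key
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

A non-zero result means the old `smtpd.cert.old` and `smtpd.key.old` should stay in place until the new pair is fixed.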