Change to the tmp directory
cd /tmp
Create the key
openssl genrsa -des3 -out srv02.linux-welten.de.key 2048
Enter a passphrase (SICHEREphrase stands for your own secure passphrase)
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
Verifying - Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
Create the CSR
openssl req -new -key srv02.linux-welten.de.key -out srv02.linux-welten.de.csr
Answer the questions
Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:THUERINGEN
Locality Name (eg, city) []:BAD LIEBENSTEIN
Organization Name (eg, company) []:Linux Welten
Organizational Unit Name (eg, section) []:Technik
Common Name (e.g. server FQDN or YOUR name) []:srv02.linux-welten.de
Email Address []:----@linux-welten.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Create the self-signed certificate (crt)
openssl x509 -req -days 365 -in srv02.linux-welten.de.csr -signkey srv02.linux-welten.de.key -out srv02.linux-welten.de.crt
Enter the passphrase
Signature ok
subject=/C=DE/ST=THUERINGEN/L=BAD LIEBENSTEIN/OU=Technik/CN=srv02.linux-welten.de/emailAddress=----@linux-welten.de
Getting Private key
Enter pass phrase for srv02.linux-welten.de.key
Remove the passphrase from the key
openssl rsa -in srv02.linux-welten.de.key -out srv02.linux-welten.de.key.nopass
Rename
mv srv02.linux-welten.de.key.nopass srv02.linux-welten.de.key
Create the PEM files (CA key and CA certificate)
openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Answer the questions
Enter pass phrase for srv02.linux-welten.de.key: SICHEREphrase
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:THUERINGEN
Locality Name (eg, city) []:BAD LIEBENSTEIN
Organization Name (eg, company) []:Linux Welten
Organizational Unit Name (eg, section) []:Technik
Common Name (e.g. server FQDN or YOUR name) []:srv02.linux-welten.de
Email Address []:----@linux-welten.de

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Move the files into place, back up the old files, restart postfix
cd /etc/postfix/
mv smtpd.cert smtpd.cert.old
mv smtpd.key smtpd.key.old
cp -a /tmp/srv02.linux-welten.de.crt ./
cp -a /tmp/srv02.linux-welten.de.key ./
mv srv02.linux-welten.de.crt ./smtpd.cert
mv srv02.linux-welten.de.key ./smtpd.key
chmod 600 ./smtpd.cert
chmod 600 ./smtpd.key
/etc/init.d/postfix restart
If the system was installed following the Perfect Server HowTo, dovecot uses the same certificates. Check:
vim /etc/dovecot/dovecot.conf
Look for the certificate paths
ssl_cert = </etc/postfix/smtpd.cert
ssl_key = </etc/postfix/smtpd.key
If the path is correct, restart dovecot
/etc/init.d/dovecot restart
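An added example, not part of the original how-to: a shell function that checks the installed pair before postfix and dovecot are restarted. It verifies that the key is no longer passphrase-protected, that it belongs to the certificate, that only the owner can access it, and that the certificate has not expired. The function name check_tls_pair and its return codes are assumptions made for this example.

```shell
# Added example: check a certificate/key pair before restarting the daemons.
# check_tls_pair and its return codes are assumptions made for this example.
# Returns 0 = ok, 1 = unreadable, 2 = key still encrypted,
#         3 = key does not match certificate, 4 = key permissions too open,
#         5 = certificate expired.
check_tls_pair() {
    cert=$1
    key=$2

    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "cannot read $cert or $key" >&2
        return 1
    fi

    # A passphrase-protected PEM key carries an ENCRYPTED marker
    # (traditional and PKCS#8 format alike); the daemon could not load it.
    if grep -q 'ENCRYPTED' "$key"; then
        echo "$key is still passphrase-protected" >&2
        return 2
    fi

    # The public key in the certificate must equal the one derived from the key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "$key does not belong to $cert" >&2
        return 3
    fi

    # Columns 5-10 of the ls mode string are the group and other bits;
    # for an unencrypted key they must all be unset (as with chmod 600).
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "$key is accessible to group or others" >&2
        return 4
    fi

    # -checkend 0 fails if the certificate is already past its notAfter date.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "$cert has expired" >&2
        return 5
    fi
    return 0
}

# Usage with the paths from this how-to:
# check_tls_pair /etc/postfix/smtpd.cert /etc/postfix/smtpd.key && /etc/init.d/postfix restart
```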