1-Generate

cd /etc/postfix/

# dnf -y install openssl cyrus* 

# openssl req -nodes -newkey rsa:2048 -keyout worldcm.key -out worldcm.csr


Country Name (2 letter code) [XX]: BDState or Province Name (full name) []: DhakaLocality Name (eg, city) [Default City]: DhakaOrganization Name (eg, company) [Default Company Ltd]: World Communication Network Ltd.Organizational Unit Name (eg, section) []: worldcm.netCommon Name (eg, your name or your server's hostname) []: mail.worldcm.netEmail Address []: admin@worldcm.netPlease enter the following 'extra' attributes to be sent with your certificate request A challenge password []:world1234 An optional company name []: worldcm

# openssl x509 -req -days 365 -in mail.csr -signkey worldcm.key -out worldcm.crt

Signature oksubject=C = BD, ST = Dhaka, L = Dhaka, O = IT, OU = IT, CN = mail.worldcm.net, emailAddress = dmin@worldcm.netGetting Private key

# vi /etc/postfix/main.cf

………smtpd_use_tls = yessmtpd_tls_cert_file = /etc/postfix/world.crtsmtpd_tls_key_file = /etc/postfix/world.keysmtpd_tls_security_level = may………



Installing Mod_SSL

-------

mkdir /etc/ssl/private/

cd /etc/ssl/private/


chmod 700 /etc/ssl/private/


dnf install mod_ssl -y

dnf -y install openssl cyrus* 


 systemctl restart httpd




openssl req -x509 -nodes -newkey rsa:2048 -keyout worldcm.net.key -out worldcm.net.crt


-----

Country Name (2 letter code) [XX]:US

State or Province Name (full name) []:PA

Locality Name (eg, city) [Default City]:Philadelphia

Organization Name (eg, company) [Default Company Ltd]:Linode

Organizational Unit Name (eg, section) []:Docs

Common Name (eg, your name or your server's hostname) []:hostname.example.com

Email Address []:admin@example.com







/etc/ssl/private/worldcm.net.crt

/etc/ssl/private/worldcm.net.com.key




Step 3 — Configuring Apache to Use SSL

sudo vi /etc/httpd/conf.d/worldcm.net.conf


<VirtualHost *:443>

    ServerName worldcm.net

    DocumentRoot /var/www/ssl-test

    SSLEngine on

    SSLCertificateFile /etc/ssl/private/worldcm.net.crt

    SSLCertificateKeyFile /etc/ssl/private/worldcm.net.key

</VirtualHost>




# apachectl configtest

# systemctl reload httpd



Step 4 — Redirecting HTTP to HTTPS

-----------------------------

<VirtualHost *:80>

    ServerName worldcm.net

    Redirect / https://your_domain_or_ip/

</VirtualHost>


-------------------------



sudo apachectl configtest

sudo systemctl reload httpd




                  -----------XXXXX------------------





Install SSL Certificate on Apache for CentOS 8

Checking mod_ssl

First, you need to make sure that mod_ssl is installed in the system. To check this use this command:

rpm -qa | grep mod_ssl

Copy

If you see no output, install mod_ssl:

dnf install mod_ssl

Place the SSL certificate on the server

You need to create a complete chain of your SSL certificate from its public key and the chain of certificate authorities.

cat pub-key.pem ca-chain.pem > full-chain.pem

Now place it in the /etc/pki/tls/certs/ folder.
Place the private key to the /etc/pki/tls/private/ folder and make it inaccessible to other users.

chmod -R 600 /etc/pki/tls/private/

configuration

Create a configuration file for your domain name if you don't have one. Put it in the /etc/httpd/conf.d/ folder and give it a name with the .conf extension. Here and further replace domain-name.com with your own.

vi /etc/httpd/conf.d/domain-name.com.conf

Insert the following configuration there:

<VirtualHost *:443>

SSLEngine on

# The path to the complete chain of your SSL certificate

SSLCertificateFile /etc/pki/tls/certs/full-chain.pem

# The path to the private key

SSLCertificateKeyFile /etc/pki/tls/private/privkey.pem

# The path to the content of your website.

<Directory /var/www/domain-name.com>

AllowOverride All

</Directory>

# The path to the content of your website

DocumentRoot /var/www/domain-name.com

# Domain name of your website

ServerName domain-name.com

ServerAlias www.domain-name.com

</VirtualHost>


Create the /var/www/domain-name.com directory and put the content of your site there, if you haven't already done so.

Redirect from HTTP to HTTPS

To redirect requests from unprotected port 80 (HTTP) to encrypted port 443 (HTTPS), add the following lines to the /etc/httpd/conf.d/domain-name.com.conf file.

<VirtualHost *:80>

ServerName domain-name.com

ServerAlias www.domain-name.com

Redirect "/" "https://domain-name.com/"

</VirtualHost>

Save and close the file and restart Apache.

systemctl restart httpd


Now you have a configured SSL certificate on Apache with a working HTTPS protocol on your site.












[root@mail ~]# vi /etc/dovecot/conf.d/10-ssl.conf

# line 8: change

ssl = yes

# line 14,15: specify certificates

ssl_cert = </etc/pki/dovecot/certs/dovecot.pem

ssl_key = </etc/pki/dovecot/private/dovecot.pem

  OR

 ssl_cert = </etc/pki/tls/certs/server.crt

 ssl_key = </etc/pki/tls/certs/server.key

 systemctl enable saslauthd

 systemctl restart saslauthd

 systemctl restart postfix

 systemctl restart dovecot