Faruque Ahmed : MCP, MCSA, MCSE, MCTS, MCIT, CCNA, OCA, OCP, GCP
# cd /etc/postfix/
# dnf -y install openssl cyrus*
# openssl req -nodes -newkey rsa:2048 -keyout worldcm.key -out worldcm.csr
# openssl x509 -req -days 365 -in worldcm.csr -signkey worldcm.key -out worldcm.crt
Signature ok
subject=C = BD, ST = Dhaka, L = Dhaka, O = IT, OU = IT, CN = mail.worldcm.net, emailAddress = dmin@worldcm.net
Getting Private key
# vi /etc/postfix/main.cf
………
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/postfix/worldcm.crt
smtpd_tls_key_file = /etc/postfix/worldcm.key
smtpd_tls_security_level = may
………
Installing Mod_SSL
-------
mkdir /etc/ssl/private/
cd /etc/ssl/private/
chmod 700 /etc/ssl/private/
dnf install mod_ssl -y
dnf -y install openssl cyrus*
systemctl restart httpd
openssl req -x509 -nodes -newkey rsa:2048 -keyout worldcm.net.key -out worldcm.net.crt
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:PA
Locality Name (eg, city) [Default City]:Philadelphia
Organization Name (eg, company) [Default Company Ltd]:Linode
Organizational Unit Name (eg, section) []:Docs
Common Name (eg, your name or your server's hostname) []:hostname.example.com
Email Address []:admin@example.com
/etc/ssl/private/worldcm.net.crt
/etc/ssl/private/worldcm.net.key
Step 3 — Configuring Apache to Use SSL
sudo vi /etc/httpd/conf.d/worldcm.net.conf
<VirtualHost *:443>
ServerName worldcm.net
DocumentRoot /var/www/ssl-test
SSLEngine on
SSLCertificateFile /etc/ssl/private/worldcm.net.crt
SSLCertificateKeyFile /etc/ssl/private/worldcm.net.key
</VirtualHost>
# apachectl configtest
# systemctl reload httpd
Step 4 — Redirecting HTTP to HTTPS
-----------------------------
<VirtualHost *:80>
ServerName worldcm.net
Redirect / https://your_domain_or_ip/
</VirtualHost>
-------------------------
sudo apachectl configtest
sudo systemctl reload httpd
-----------XXXXX------------------
First, you need to make sure that mod_ssl is installed in the system. To check this use this command:
rpm -qa | grep mod_ssl
If you see no output, install mod_ssl:
dnf install mod_ssl
You need to create a complete chain for your SSL certificate by concatenating the server certificate (the file named pub-key.pem here) and the chain of certificate authorities.
cat pub-key.pem ca-chain.pem > full-chain.pem
Now place it in the /etc/pki/tls/certs/ folder.
Place the private key to the /etc/pki/tls/private/ folder and make it inaccessible to other users.
chmod 700 /etc/pki/tls/private/
chmod 600 /etc/pki/tls/private/privkey.pem
Create a configuration file for your domain name if you don't have one. Put it in the /etc/httpd/conf.d/ folder and give it a name with the .conf extension. Here and further replace domain-name.com with your own.
vi /etc/httpd/conf.d/domain-name.com.conf
Insert the following configuration there:
<VirtualHost *:443>
SSLEngine on
# The path to the complete chain of your SSL certificate
SSLCertificateFile /etc/pki/tls/certs/full-chain.pem
# The path to the private key
SSLCertificateKeyFile /etc/pki/tls/private/privkey.pem
# Access settings for the directory that holds your website's content
<Directory /var/www/domain-name.com>
AllowOverride All
</Directory>
# The path to the content of your website
DocumentRoot /var/www/domain-name.com
# Domain name of your website
ServerName domain-name.com
ServerAlias www.domain-name.com
</VirtualHost>
Create the /var/www/domain-name.com directory and put the content of your site there, if you haven't already done so.
To redirect requests from unprotected port 80 (HTTP) to encrypted port 443 (HTTPS), add the following lines to the /etc/httpd/conf.d/domain-name.com.conf file.
<VirtualHost *:80>
ServerName domain-name.com
ServerAlias www.domain-name.com
Redirect "/" "https://domain-name.com/"
</VirtualHost>
Save and close the file and restart Apache.
systemctl restart httpd
Now you have a configured SSL certificate on Apache with a working HTTPS protocol on your site.
[root@mail ~]# vi /etc/dovecot/conf.d/10-ssl.conf
# line 8: change
ssl = yes
# line 14,15: specify certificates
ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
ssl_key = </etc/pki/dovecot/private/dovecot.pem
OR
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
systemctl enable saslauthd
systemctl restart saslauthd
systemctl restart postfix
systemctl restart dovecot
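A check worth running on each certificate and key pair configured above before the services are restarted (added example, not part of the original notes). The function name check_tls_pair and the 14-day expiry window are assumptions; it relies on the openssl CLI and GNU stat.

```shell
#!/bin/sh
# Added example: check_tls_pair is a hypothetical helper, not part of Postfix,
# Apache or Dovecot. Requires the openssl CLI and GNU stat.
# Return codes: 0 ok, 1 file missing, 2 key accessible to group/other,
#               3 certificate and key do not match, 4 certificate near expiry.
check_tls_pair() {
    ctp_cert=$1
    ctp_key=$2
    ctp_days=${3:-14}    # assumed warning window, in days

    for ctp_f in "$ctp_cert" "$ctp_key"; do
        if [ ! -r "$ctp_f" ]; then
            echo "missing or unreadable: $ctp_f" >&2
            return 1
        fi
    done

    # The private key must carry no group/other permission bits (600 or 400).
    ctp_mode=$(stat -c '%a' "$ctp_key")
    case "$ctp_mode" in
        *00|0) ;;
        *) echo "key mode $ctp_mode is too open: $ctp_key" >&2; return 2 ;;
    esac

    # Compare the public key inside the certificate with the one derived from
    # the private key; a mismatch (e.g. a mistyped file name) breaks TLS.
    ctp_a=$(openssl x509 -in "$ctp_cert" -noout -pubkey 2>/dev/null)
    ctp_b=$(openssl pkey -in "$ctp_key" -pubout 2>/dev/null)
    if [ -z "$ctp_a" ] || [ "$ctp_a" != "$ctp_b" ]; then
        echo "certificate and key do not match: $ctp_cert / $ctp_key" >&2
        return 3
    fi

    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$ctp_cert" -noout \
            -checkend $((ctp_days * 86400)) >/dev/null; then
        echo "certificate expires within $ctp_days days: $ctp_cert" >&2
        return 4
    fi
    return 0
}

# Usage: sh check_tls_pair.sh /etc/postfix/worldcm.crt /etc/postfix/worldcm.key
if [ "$#" -ge 2 ]; then
    check_tls_pair "$@"
fi
```

A certificate created with openssl req -x509 and no -days option is valid for only 30 days, so the expiry check is relevant to the self-signed Apache certificate above.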