Linux / UNIX Tech Support Forum
Postfix mail server create self-signed SSL certificates on Cent OS / Redhat linux
Use this howto / tutorial if you need to create self-signed SSL certificates on CentOS / Red Hat Linux (RHEL 4/5).
Go to the /tmp directory
Code:
cd /tmp
mkdir config
cd config
mkdir certs crl newcerts private
echo "01" > serial
cp /dev/null index.txt
cat /usr/share/ssl/openssl.cnf | sed -e 's/\.\/demoCA/\./' > openssl.cnf

Create a NEW CA
Code:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 365 -config openssl.cnf

Code:
# Generate an unencrypted server key and self-signed certificate (both in newreq.pem)
openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 365 -config openssl.cnf
# Convert the self-signed certificate into a certificate request
openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem

Code:
# Sign the request with the new CA; the signed certificate is written to newcert.pem
openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem

Code:
# Install the CA certificate, the server private key and the signed certificate
cp cacert.pem /usr/share/ssl/certs
grep -B 100 "END RSA PRIVATE KEY" newreq.pem > /usr/share/ssl/certs/key.pem
chmod 400 /usr/share/ssl/certs/key.pem
cp newcert.pem /usr/share/ssl/certs/cert.pem

Code:
#### SASL bits ####
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sasl_security_options=noanonymous
## The following allows anyone who is in mynetworks, or anyone who can authenticate, to send mail through this server
## permit_mynetworks has to come before reject_unauth_destination, otherwise mynetworks clients are rejected when relaying
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_relay_domains
smtpd_delay_reject = yes
## this is necessary for some email clients
broken_sasl_auth_clients = yes
#### TLS bits ####
## "no" also accepts AUTH on connections that have not started TLS
smtpd_tls_auth_only = no
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
## Location of key, cert and CA-cert.
## These files need to be generated using openssl
smtpd_tls_key_file = /usr/share/ssl/certs/key.pem
smtpd_tls_cert_file = /usr/share/ssl/certs/cert.pem
smtpd_tls_CAfile = /usr/share/ssl/certs/cacert.pem
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/urandom
tls_smtp_use_tls = yes
ipv6_version = 1.25

Code:
yum install cyrus-sasl

Code:
up2date cyrus-sasl dovecot

Create user for each mail user:
Code:
saslpasswd2 -c rocky

Code:
chown :postfix /etc/sasldb2

Code:
pwcheck_method: auxprop

Code:
/etc/init.d/saslauthd restart
/etc/init.d/postfix restart
/etc/init.d/dovecot restart

Code:
ntsysv

Code:
telnet server-ip 25
telnet server-ip 143
telnet server-ip 110
netstat -tulp

Code:
/etc/init.d/iptables save
vi /etc/sysconfig/iptables

Code:
-A INPUT -i eth1 -p tcp -m tcp --dport 25 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 110 -j ACCEPT
-A INPUT -i eth1 -p tcp -m tcp --dport 143 -j ACCEPT

Code:
/etc/init.d/iptables restart
__________________
Rocky Jr. You may have my body & soul, but you will never touch my pride! If you have knowledge, let others light their candles at it. Certified to work on HP-UX / Sun Solaris / RedHat
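A pre-flight check for the key, certificate and CA files that the tutorial copies into place, as an added example that is not part of the original post: it confirms that the key is non-empty and owner-only, that it matches the certificate, and that the certificate is unexpired and signed by the CA. The function names and the throwaway demo subjects are assumptions, and RSA keys are assumed, as in the tutorial.

```shell
#!/bin/sh
# check_tls_files KEY CERT CA -> 0 if the files work together, otherwise:
#   1 missing/empty file      2 key readable by group or others
#   3 key does not match cert 4 certificate expired
#   5 certificate is not signed by the CA
check_tls_files() {
    key=$1; cert=$2; ca=$3
    for f in "$key" "$cert" "$ca"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done
    # The tutorial sets chmod 400 on the key: allow owner r or rw only.
    case $(ls -ld "$key") in
        -r[w-]-------*) ;;
        *) echo "key is accessible to group/others: $key" >&2; return 2 ;;
    esac
    # Public key embedded in the certificate vs. the one derived from the
    # private key. "-passin pass:" avoids a prompt if the key is encrypted.
    cert_pub=$(openssl x509 -pubkey -noout -in "$cert" 2>/dev/null)
    key_pub=$(openssl rsa -pubout -in "$key" -passin pass: 2>/dev/null)
    if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2; return 3
    fi
    openssl x509 -noout -checkend 0 -in "$cert" >/dev/null 2>&1 ||
        { echo "certificate has expired" >&2; return 4; }
    # Match on the "OK" line: old OpenSSL releases exit 0 even on failure.
    openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$' ||
        { echo "certificate is not signed by $ca" >&2; return 5; }
    return 0
}

# Constructed sample input: throwaway CA plus server certificate in DIR.
# The subject names are placeholders, not values from the tutorial.
make_demo_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo CA" \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" >/dev/null 2>&1 &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/key.pem" -out "$d/req.pem" >/dev/null 2>&1 &&
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" \
        -CAkey "$d/cakey.pem" -CAcreateserial -days 2 \
        -out "$d/cert.pem" >/dev/null 2>&1 &&
    chmod 400 "$d/key.pem"
}

# Usage with the tutorial's paths:
#   c=/usr/share/ssl/certs
#   check_tls_files $c/key.pem $c/cert.pem $c/cacert.pem
```

Newer OpenSSL releases write the key as `BEGIN PRIVATE KEY` rather than `BEGIN RSA PRIVATE KEY`, in which case the tutorial's grep leaves key.pem empty; the first check catches that before Postfix is restarted.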