1 (edited by bertovega 2013-11-13 11:52:06)

Topic: Install a purchased SSL Certificate from Geotrust in iRedMail

==== Required information ====
- iRedMail version: 0.8.5
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: Ubuntu 12.04.3
- Related log if you're reporting an issue: (postmaster@mctours-centroamerica.com email received and read until restored to original configuration)

Transcript of session follows.

Out: 220 mail.mctours-centroamerica.com ESMTP Postfix (Ubuntu)
In:  EHLO AdalbertoPC
Out: 250-mail.mctours-centroamerica.com
Out: 250-PIPELINING
Out: 250-SIZE 15728640
Out: 250-ETRN
Out: 250-STARTTLS
Out: 250-AUTH PLAIN LOGIN
Out: 250-AUTH=PLAIN LOGIN
Out: 250-ENHANCEDSTATUSCODES
Out: 250-8BITMIME
Out: 250 DSN
In:  STARTTLS
Out: 454 4.7.0 TLS not available due to local problem

Session aborted, reason: lost connection

For other details, see the local mail logfile

====

Can you please give me instructions on how to install a signed SSL certificate bought from GeoTrust?

I understand I need to edit the following files:

a) Apache (Webserver)

/etc/apache2/sites-available/default-ssl

SSLCertificateFile /etc/ssl/certs/[yourname].crt
SSLCertificateKeyFile /etc/ssl/private/[yourname].key
SSLCACertificateFile /etc/ssl/certs/[Geotrust_CA].crt

b) Dovecot (IMAP/POP Server)

/etc/dovecot/dovecot.conf

ssl_key_file = /etc/ssl/private/[yourname].key
ssl_cert_file = /etc/ssl/certs/[yourname].crt
ssl_ca_file = /etc/ssl/certs/[Geotrust_CA].crt

c) Postfix (SMTP Server)

/etc/postfix/main.cf

smtpd_tls_key_file = /etc/ssl/private/[yourname].key
smtpd_tls_cert_file = /etc/ssl/certs/[yourname].crt
smtpd_tls_CAfile = /etc/ssl/certs/[Geotrust_CA].crt

d) Restart all three services

service apache2 restart
service dovecot restart
service postfix restart

I tried it and it stopped working. I had to roll back to the default self-signed iRedMail certificate.

Any help would be appreciated.

2

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

Hi,

The default build for iRedMail installed my keys in the following directories on Centos:

Private Key: /etc/pki/tls/private/iRedMail.key
Certificate File : /etc/pki/tls/certs/iRedMail_CA.pem

What I did was cp the original files to a backup, rename my PK and cert to the same names as the defaults, add the path for the chained CA and restart everything, and it all worked.

ChainedCA: /etc/pki/tls/certs/dvca.crt

Hope this helps

3 (edited by bertovega 2013-11-14 05:19:04)

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

Fortunately the support files on the GeoTrust website are very good. I only searched for apache2, dovecot and postfix and followed the instructions, and everything works just fine now. I just did an additional step in the Apache configuration. These are the links if somebody needs them:

Apache2 (Here I had to delete the SSLCertificateChainFile directive because you cannot use SSLCertificateChainFile and SSLCACertificateFile pointing to the same file)
https://knowledge.geotrust.com/support/ … 4377227195

SSL Installation Instructions for Postfix:
https://knowledge.geotrust.com/support/ … 4373501130

How to install SSL certificate using Dovecot IMAP server:
https://knowledge.geotrust.com/support/ … 4373049896

One last thing: it is not enough to only restart the services, because for some reason the old dovecot process won't die; therefore I rebooted the server and that was it.

4

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

Actually the best solution is to rename the purchased cert files and key to the same names as those used during installation, because there is also another place where those files are used: OpenLDAP, and the location of the calling command is kind of obscure.

5

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

I would agree with bertovega.

It is simplest to rename the cert to the iRedMail defaults.

6

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

Yep, that's what I did ;)

7

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

bertovega wrote:

Actually the best solution is to rename the purchased cert files and key to the same names as those used during installation, because there is also another place where those files are used: OpenLDAP, and the location of the calling command is kind of obscure.

nice ... but since I tried to adjust Apache, postfix and dovecot, .... and only apache is working OK ... I need original settings for postfix and dovecot... so I can do rename... since I cannot remember original settings....

I have from comodo: cert.pem chain.pem; generated iredmail.csr iredmail.key (for comodo) ....
So what to rename to what?

8

Re: Install a purchased SSL Certificate from Geotrust in iRedMail

Please check whether you have the correct settings for the parameters below in the Postfix config file (main.cf):

smtpd_tls_key_file=
smtpd_tls_cert_file=
smtpd_tls_CAfile=

And Dovecot config file:

ssl_ca =
ssl_cert =
ssl_key =
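
Added example, not part of the thread or of iRedMail: two checks to run on purchased files before the key, cert and CA parameters listed above are pointed at them, namely that the private key belongs to the certificate and that the certificate chains to the CA bundle. All file names are hypothetical, and `make_demo_pki` only builds constructed throwaway material so the checks can be tried offline.

```shell
#!/bin/sh
# Added example: pre-flight checks for a purchased certificate.
# All file names here are hypothetical or constructed.

# Succeeds only if the private key ($2) belongs to the certificate ($1):
# both must yield the same public key. Returns 2 if a file cannot be parsed.
key_matches_cert() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$from_cert" = "$from_key" ]
}

# Succeeds only if the certificate ($2) chains to a CA in the PEM bundle ($1).
chain_verifies() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed test material in directory $1: a throwaway CA, a server
# key/cert signed by it, and an unrelated self-signed key/cert pair.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
        -keyout "$d/mail.key" -out "$d/mail.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/mail.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/mail.crt" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
}

# Stand-alone use: sh check_cert.sh cert.pem key.pem ca_bundle.pem
if [ "$#" -eq 3 ]; then
    status=0
    if key_matches_cert "$1" "$2"; then
        echo "OK: private key matches certificate"
    else
        echo "FAIL: private key does not match certificate"; status=1
    fi
    if chain_verifies "$3" "$1"; then
        echo "OK: certificate chains to the CA bundle"
    else
        echo "FAIL: certificate does not chain to the CA bundle"; status=1
    fi
    exit "$status"
fi
```
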