IRedMail/FAQ/Generate.New.SSL.Cert.Key

From iRedMail
(Difference between revisions)
Jump to: navigation, search
 

Latest revision as of 07:38, 15 September 2011

Contents


[edit] Summary

iRedMail generates SSL cert file and private key file during installation, validity period is 3650 days (10 years) by default.

This tutorial is used to explain how to generate new SSL cert file and private key file with shell script file shipped in iRedMail. e.g. iRedMail-0.7.3/tools/generate_ssl_keys.sh.

[edit] Steps

Please open tools/generate_ssl_keys.sh, it's self-documented. We have detailed usage in this file, quoted below:

# USAGE:
# 1) Edit variables which starts with TLS_ below, then save file.
# 2) Execute shell command:
#
#       # bash generate_ssl_keys.sh
#
#    It will create two new files under CURRENT directory:
#
#       - certs/iRedMail_CA.pem: Used to replace file on iRedMail server:
#           + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/certs/iRedMail_CA.pem
#           + on Debian/Ubuntu/openSUSE: /etc/ssl/certs/iRedMail_CA.pem
#           + on FreeBSD: /etc/ssl/certs/iRedMail_CA.pem
#       - private/iRedMail.key: Used to replace file on iRedMail server:
#           + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/private/iRedMail.key
#           + on Debian/Ubuntu/openSUSE: /etc/ssl/private/iRedMail.key
#           + on FreeBSD: /etc/ssl/private/iRedMail.key
#
# 3) Grant read access to all users. e.g. on RHEL/CentOS/Scientific Linux:
#
#   # chmod +r /etc/ssl/certs/iRedMail_CA.pem
#   # chmod +r /etc/ssl/private/iRedMail.key
#
#   If you need more restrict file permission, please use file system ACL instead.
#   Refer to command 'setfacl' and 'getfacl' for more detail.
#
# 4) Restart all services which provides SSL secure connection. e.g. http,
#    dovecot, postfix, etc. A system reboot should be easier if possible.
#

export HOSTNAME="$(hostname -f)"

# SSL key related settings.
# Country.
export TLS_COUNTRY='CN'

# State.
export TLS_STATE='GuangDong'

# City.
export TLS_CITY='ShenZhen'

# Company name here, e.g. Apple Inc.
export TLS_COMPANY="${HOSTNAME}"

# Department name.
export TLS_DEPARTMENT='IT'

# Hostname of your mail server.
export TLS_HOSTNAME="${HOSTNAME}"

# Server admininistrator's email address.
export TLS_ADMIN="root@${HOSTNAME}"
Personal tools