ZhangHuangbin at 13:38, 15 September 2011

ZhangHuangbin — Thu, 15 Sep 2011 13:38:42 GMT

← Older revision		Revision as of 13:38, 15 September 2011
Line 1:		Line 1:
-	~~_TOC_~~	+	__TOC__

	= Summary =		= Summary =

ZhangHuangbin: Created page with '_TOC_ = Summary = iRedMail generates SSL cert file and private key file during installation, validity period is 3650 days (10 years) by default. This tutorial is used to expla…'

ZhangHuangbin — Thu, 15 Sep 2011 13:38:06 GMT

Created page with '_TOC_ = Summary = iRedMail generates SSL cert file and private key file during installation, validity period is 3650 days (10 years) by default. This tutorial is used to expla…'

New page

_TOC_

= Summary =

iRedMail generates SSL cert file and private key file during installation, validity period
is 3650 days (10 years) by default.

This tutorial is used to explain how to generate new SSL cert file and private key file
with shell script file shipped in iRedMail. e.g. iRedMail-0.7.3/tools/generate_ssl_keys.sh.

= Steps =

Please open '''tools/generate_ssl_keys.sh''', it's self-documented.
We have detailed usage in this file, quoted below:

<pre>
# USAGE:
# 1) Edit variables which starts with TLS_ below, then save file.
# 2) Execute shell command:
#
# # bash generate_ssl_keys.sh
#
# It will create two new files under CURRENT directory:
#
# - certs/iRedMail_CA.pem: Used to replace file on iRedMail server:
# + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/certs/iRedMail_CA.pem
# + on Debian/Ubuntu/openSUSE: /etc/ssl/certs/iRedMail_CA.pem
# + on FreeBSD: /etc/ssl/certs/iRedMail_CA.pem
# - private/iRedMail.key: Used to replace file on iRedMail server:
# + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/private/iRedMail.key
# + on Debian/Ubuntu/openSUSE: /etc/ssl/private/iRedMail.key
# + on FreeBSD: /etc/ssl/private/iRedMail.key
#
# 3) Grant read access to all users. e.g. on RHEL/CentOS/Scientific Linux:
#
# # chmod +r /etc/ssl/certs/iRedMail_CA.pem
# # chmod +r /etc/ssl/private/iRedMail.key
#
# If you need more restrict file permission, please use file system ACL instead.
# Refer to command 'setfacl' and 'getfacl' for more detail.
#
# 4) Restart all services which provides SSL secure connection. e.g. http,
# dovecot, postfix, etc. A system reboot should be easier if possible.
#

export HOSTNAME="$(hostname -f)"

# SSL key related settings.
# Country.
export TLS_COUNTRY='CN'

# State.
export TLS_STATE='GuangDong'

# City.
export TLS_CITY='ShenZhen'

# Company name here, e.g. Apple Inc.
export TLS_COMPANY="${HOSTNAME}"

# Department name.
export TLS_DEPARTMENT='IT'

# Hostname of your mail server.
export TLS_HOSTNAME="${HOSTNAME}"

# Server admininistrator's email address.
export TLS_ADMIN="root@${HOSTNAME}"
</pre>

IRedMail/FAQ/Generate.New.SSL.Cert.Key - Revision history

ZhangHuangbin at 13:38, 15 September 2011

ZhangHuangbin: Created page with '_TOC_ = Summary = iRedMail generates SSL cert file and private key file during installation, validity period is 3650 days (10 years) by default. This tutorial is used to expla…'