Quick and dirty

Sometimes I felt like a normal person without any kind of bad conscience. It took me two hours and the server was ready. https://www.howtoforge.com/perfect-server-centos-7-apache2-mysql-php-pureftpd-postfix-dovecot-and-ispconfig3 helped me out.

I was a fool, hammering through every SSL information prompt with Enter. This must be corrected:

Postfix
cd /etc/postfix
Generate the Postfix SSL key:
openssl req -x509 -newkey rsa:2048 -keyout smtpd.key -out smtpd.cert -days 3650 -nodes
chmod 600 smtpd.*

Change /etc/postfix/master.cf (add some lines to get smtps, taken from my old host):
smtps inet n - n - - smtpd
  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING

ISPConfig
cd /usr/local/ispconfig/interface/ssl
openssl genrsa -des3 -out ispserver.key 4096
openssl req -new -key ispserver.key -out ispserver.csr
openssl x509 -req -days 3650 -in ispserver.csr \
-signkey ispserver.key -out ispserver.crt
openssl rsa -in ispserver.key -out ispserver.key.insecure
mv ispserver.key ispserver.key.secure
mv ispserver.key.insecure ispserver.key

HTTPD
vi /etc/httpd/conf.d/ssl.conf
Replace the following lines:
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
(the directive and its path go on one line!)

Standard SSL websites share the same SSL keys from ISPConfig.

Uh done. I was near a seam outburst.
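
An added check, not part of the original post: a shell function that confirms a certificate/key pair produced by the steps above is usable by an unattended service (key mode, no passphrase, matching public key, not expired, expected Common Name). The function name check_tls_pair and the host name in the usage comment are assumptions; it needs openssl and GNU stat.

```shell
#!/bin/sh
# check_tls_pair CERT KEY HOSTNAME   (hypothetical helper name)
# Returns 0 when the pair is usable, otherwise prints the first problem
# found and returns 1.
# Usage (host name is a constructed placeholder):
#   check_tls_pair /etc/postfix/smtpd.cert /etc/postfix/smtpd.key mail.example.test
check_tls_pair() {
    cert=$1 key=$2 host=$3

    # The private key must not be readable by group or other (chmod 600).
    mode=$(stat -c '%a' "$key") || return 1
    case $mode in
        600|400) ;;
        *) echo "key mode is $mode, expected 600"; return 1 ;;
    esac

    # Postfix and httpd start unattended, so the key must carry no
    # passphrase (the ISPConfig steps write a decrypted copy for this reason).
    if grep -q 'ENCRYPTED' "$key"; then
        echo "key is passphrase-protected"; return 1
    fi

    # Certificate and key must contain the same public key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass:) || return 1
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate does not match key"; return 1
    fi

    # The certificate must still be valid right now.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "certificate has expired"; return 1
    fi

    # Pressing Enter at every prompt leaves the default subject, so confirm
    # the Common Name is the host name that clients connect to.
    if ! openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
            sed 's/^subject= *//' | tr ',' '\n' | grep -Fxq "CN=$host"; then
        echo "subject CN is not $host"; return 1
    fi
    return 0
}
```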
