Quick and dirty instructions for installing an SSL certificate into a DTC admin panel. This does not cover SSL certificates installed on individual websites.
After installing dtc, you'll have some self-signed certificate files:
dtc1:~# ls -tlrR /var/lib/dtc/etc/ssl/
/var/lib/dtc/etc/ssl/:
total 20
-r-------- 1 dtc dtcgrp 963 Nov 26 2008 privkey.pem
-r-------- 1 dtc dtcgrp 887 Nov 26 2008 new.cert.key
-r-------- 1 dtc dtcgrp 790 Nov 26 2008 new.cert.csr
-r-------- 1 dtc dtcgrp 977 Nov 26 2008 new.cert.cert
drwxr-xr-x 2 dtc dtcgrp 4096 Feb 23 2012 dovecot

/var/lib/dtc/etc/ssl/dovecot:
total 16
-rw-r--r-- 1 dtc dtcgrp 951 Feb 23 2012 privkey.pem
-rw-r--r-- 1 dtc dtcgrp 887 Feb 23 2012 new.cert.key
-rw-r--r-- 1 dtc dtcgrp 842 Feb 23 2012 new.cert.csr
-rw-r--r-- 1 dtc dtcgrp 1058 Feb 23 2012 new.cert.cert
dtc1:~#

Configure postfix to use those, and symlink the dovecot/ files:

dtc1:~# postconf -e smtpd_tls_cert_file=/var/lib/dtc/etc/ssl/new.cert.cert
dtc1:~# postconf -e smtpd_tls_key_file=/var/lib/dtc/etc/ssl/new.cert.key
dtc1:~# cd /var/lib/dtc/etc/ssl/dovecot
dtc1:/var/lib/dtc/etc/ssl/dovecot# for f in new.cert.key new.cert.csr new.cert.cert;
> do
> mv $f $f.old
> ln -s ../$f $f
> done
dtc1:/var/lib/dtc/etc/ssl/dovecot# ls -l
total 16
lrwxrwxrwx 1 root root 16 Aug 28 15:44 new.cert.cert -> ../new.cert.cert
-rw-r--r-- 1 dtc dtcgrp 1058 Feb 23 2012 new.cert.cert.old
lrwxrwxrwx 1 root root 15 Aug 28 15:44 new.cert.csr -> ../new.cert.csr
-rw-r--r-- 1 dtc dtcgrp 842 Feb 23 2012 new.cert.csr.old
lrwxrwxrwx 1 root root 15 Aug 28 15:44 new.cert.key -> ../new.cert.key
-rw-r--r-- 1 dtc dtcgrp 887 Feb 23 2012 new.cert.key.old
-rw-r--r-- 1 dtc dtcgrp 951 Feb 23 2012 privkey.pem
dtc1:/var/lib/dtc/etc/ssl/dovecot#
Now put your new certificate in place. I combined the private key, the intermediate CA certificates and this server's certificate in a single .pem file. When you do this, remember the order: your private key (PKCS#8, PEM format), then your certificate, then the intermediate certificates, and lastly the root certificate. E.g. for a Comodo PositiveSSL cert:
dtc1:~# cat your.key.pkcs8 your_positivessl.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > certificate.pem
Adjust this to the filename you give it.
dtc1:~# cd /var/lib/dtc/etc/ssl/
dtc1:/var/lib/dtc/etc/ssl# for f in new.cert.key new.cert.csr new.cert.cert; do mv $f $f.old; done
dtc1:/var/lib/dtc/etc/ssl# cp /path/to/your/certificate.pem .
dtc1:/var/lib/dtc/etc/ssl# for f in new.cert.key new.cert.cert new.cert.ca; do ln -s certificate.pem $f; done
dtc1:/var/lib/dtc/etc/ssl# chown dtc:dtcgrp certificate.pem
dtc1:/var/lib/dtc/etc/ssl# chmod 600 certificate.pem
dtc1:/var/lib/dtc/etc/ssl# ls -tlr
total 32
-r-------- 1 dtc dtcgrp 963 Nov 26 2008 privkey.pem
-r-------- 1 dtc dtcgrp 887 Nov 26 2008 new.cert.key.old
-r-------- 1 dtc dtcgrp 790 Nov 26 2008 new.cert.csr.old
-r-------- 1 dtc dtcgrp 977 Nov 26 2008 new.cert.cert.old
drwxr-xr-x 2 dtc dtcgrp 4096 Aug 28 15:47 dovecot
-rw------- 1 dtc dtcgrp 9259 Aug 28 17:28 certificate.pem
lrwxrwxrwx 1 root root 15 Aug 28 17:31 new.cert.key -> certificate.pem
lrwxrwxrwx 1 root root 15 Aug 28 17:31 new.cert.cert -> certificate.pem
lrwxrwxrwx 1 root root 15 Aug 28 17:31 new.cert.ca -> certificate.pem
dtc1:/var/lib/dtc/etc/ssl#
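A quick sanity check of the combined file before reloading anything, as an added example that is not part of the original instructions: it confirms the PEM blocks are in the order given above (PKCS#8 key first, then only certificates) and that the file carries no group/other permission bits. The function names pem_labels and check_bundle are made up here, and the check is structural only: it does not prove the key matches the certificate or that the chain validates.

```shell
# Added example (not from the original page): structural check of the combined
# bundle. pem_labels and check_bundle are names made up for this sketch.

# Print the label of each BEGIN/END pair in file order, one per line.
pem_labels() {
    awk '
        { sub(/\r$/, "") }                       # tolerate CRLF files from a CA
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (open != "") { print "NESTED"; exit }
            open = $0; sub(/^-----BEGIN /, "", open); sub(/-----$/, "", open); next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            lbl = $0; sub(/^-----END /, "", lbl); sub(/-----$/, "", lbl)
            if (lbl != open) { print "MISMATCH"; exit }
            print lbl; open = ""
        }
        END { if (open != "") print "UNTERMINATED" }
    ' "$1"
}

# Return 0 only if FILE is: one PKCS#8 key, then certificates, no group/other bits.
check_bundle() {
    f=$1; n=0; certs=0; status=0
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    labels=$(pem_labels "$f")
    while IFS= read -r lbl; do
        n=$((n + 1))
        case "$n:$lbl" in
            1:"PRIVATE KEY") ;;                  # unencrypted PKCS#8 key first
            1:*) echo "block 1 is '$lbl', want 'PRIVATE KEY'" >&2; status=1 ;;
            *:CERTIFICATE) certs=$((certs + 1)) ;;
            *) echo "block $n is '$lbl', want CERTIFICATE" >&2; status=1 ;;
        esac
    done <<EOF
$labels
EOF
    [ "$certs" -ge 1 ] || { echo "no certificate after the key" >&2; status=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ldL "$f" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$f: group/other access ($mode)" >&2; status=1; }
    return "$status"
}

# Usage: sh thisfile.sh /var/lib/dtc/etc/ssl/certificate.pem
if [ "$#" -gt 0 ]; then check_bundle "$1"; fi
```

A traditional "RSA PRIVATE KEY" block is rejected on purpose, since the order above calls for a PKCS#8 key.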
Now just reload services and you're done.
dtc1:~# service postfix reload
dtc1:~# service dovecot reload
dtc1:~# service apache2 reload