SSL Authentification

Kolab Users kolab-users at ostech.com.au
Wed Apr 3 06:35:20 CEST 2013


Hi,

On 02-Apr-13 8:18 PM, Chris Fleming wrote:
> On Sun, Mar 31, 2013 at 12:38:24PM +0200, Jack Smith wrote:
>> Hello everyone,
>>
>> can anyone please help me in setting up my Kolab 3 installation to use
>> my SSL certificates? Documentation about this issue is rather scarce.
>> I have a .crt, a .key and a .ca file (intermediate certificate) for my
>> server from an official certificate authority. How do I persuade my
>> Kolab server to use these certificates, so my Thunderbird does not
>> complain about untrusted certificates when trying to connect to an email
>> account?
> This is "simply" a case of telling the various components about the certificates.
>
> These are postfix (for smtp):
>
> In /etc/postfix/main.cf
> smtpd_tls_key_file = /etc/pki/CA/certs/server.pem
> smtpd_tls_cert_file = /etc/pki/CA/certs/server.pem
>
>
> For imap:
>
> /etc/imapd.conf
>
> tls_cert_file: /etc/pki/CA/certs/server.pem
> tls_key_file: /etc/pki/CA/certs/server.pem
> tls_ca_file: /etc/pki/CA/certs/server.pem
>
> I think setting up Apache was more complicated, but there is a fair amount of information online. Have a look and let me know if you're still having trouble.

If you're using CentOS 6.x, then in the /etc/httpd/conf.d/ssl.conf
file the entries:

#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/localhost.crt

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convinience.
SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

are the items to update with your certs; then restart Apache and look in
the error logs to see if there are any problems with your certs.

Note that "convinience" = "convenience", a typo by Apache.org :)

Regards,
Michael.
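
A pre-restart check for the three configuration files named in this thread, added here as an example and not part of either message: it reads the TLS file directives, confirms each file exists, flags private keys readable by other users, and asks OpenSSL (through Python's ssl module) whether each key loads with its certificate. The function names and the choice of checks are assumptions of this example.

```python
import os
import re
import ssl
import stat

# TLS file directives named in the thread (Postfix, Cyrus imapd, Apache).
CERT_FOR_KEY = {"smtpd_tls_key_file": "smtpd_tls_cert_file",
                "tls_key_file": "tls_cert_file",
                "SSLCertificateKeyFile": "SSLCertificateFile"}
OTHER = {"tls_ca_file", "SSLCertificateChainFile"}
# Accepts "name = value" (Postfix), "name: value" (Cyrus), "Name value" (Apache).
LINE = re.compile(r"^\s*([A-Za-z_]+)\s*[=:\s]\s*(\S+)\s*$")

def tls_paths(config_text):
    """Return {directive: path} for the TLS file directives listed above."""
    wanted = set(CERT_FOR_KEY) | set(CERT_FOR_KEY.values()) | OTHER
    found = {}
    for line in config_text.splitlines():
        m = None if line.lstrip().startswith("#") else LINE.match(line)
        if m and m.group(1) in wanted:
            found[m.group(1)] = m.group(2)
    return found

def pair_matches(cert_path, key_path):
    """True if OpenSSL accepts the key as belonging to the certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        # password="" makes an encrypted key fail instead of prompting.
        ctx.load_cert_chain(cert_path, key_path, password="")
        return True
    except OSError:  # ssl.SSLError and FileNotFoundError are both OSError
        return False

def audit(config_text):
    """Return a list of findings for the text of one configuration file."""
    paths = tls_paths(config_text)
    findings = [f"{n}: {p} does not exist"
                for n, p in paths.items() if not os.path.isfile(p)]
    for key_name, cert_name in CERT_FOR_KEY.items():
        key = paths.get(key_name)
        if not key or not os.path.isfile(key):
            continue
        if stat.S_IMODE(os.stat(key).st_mode) & 0o007:
            findings.append(f"{key_name}: {key} is accessible to other users")
        cert = paths.get(cert_name)
        if cert and not pair_matches(cert, key):
            findings.append(f"{key_name}: key does not load with {cert}")
    return findings

if __name__ == "__main__":
    for conf in ("/etc/postfix/main.cf", "/etc/imapd.conf", "/etc/httpd/conf.d/ssl.conf"):
        if os.path.isfile(conf):
            print(conf, audit(open(conf).read()) or "no findings")
```

When certificate and key share one file, as with the server.pem used above for Postfix and imapd, the permission check applies to that combined file.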



