[Kolab-devel] kolab3/debian wheezy: Questions regarding ssl setup
Johannes Graumann
johannes_graumann at web.de
Wed Dec 19 14:00:54 CET 2012
Paul Klos <kolab <at> klos2day.nl> writes:
>
> Op Wed, 05 Dec 2012 11:27 +0300
> Johannes Graumann <johannes_graumann <at> web.de> schreef:
>
> > Hello,
> >
> > When configuring a fresh kolab3 install on wheezy,
> > I need to issue an explicit "a2enmod ssl &&
> > a2ensite default-ssl" to get kolab-webadmin to work.
> >
> I haven't tried this yet, and it's certainly
> something that should work, but AFAIK there is no
> explicit need to have ssl working to get into the
> kolab-webadmin.
The requirement might be deriving from my lxc and nginx routing setup.
> > In this context I am unclear on where the debian
> > setup requires ssl key and certificate.
> > http://tinyurl.com/c98ojg5 says here:
> > > Certificate: /etc/pki/tls/certs/host.example.org.cert
> > > Private
> > > Key: /etc/pki/tls/private/host.example.org.key
> > but that directory is inexistent in debian.
> >
> Certificate paths are different on Debian and Red Hat
> flavoured distributions. We've run into this before
> with cyrus and postfix. Most probably setup-kolab
> will have to be patched for Debian to take care of
> this. For now, either symlinking or changing the
> configuration to look in /etc/ssl/private should
> work (as well as straight http, as per my previous
> remark).
Do you think the patch appended should/could be pushed into the repository?
I went hunting for *.pem etc. in my existing trial installation and came up
with
the instances the patch attempts to modify towards debianish infrastructure.
Cheers, Joh
diff --git a/pykolab/setup/setup_imap.py b/pykolab/setup/setup_imap.py
index c5c400e..4b7564f 100644
--- a/pykolab/setup/setup_imap.py
+++ b/pykolab/setup/setup_imap.py
@@ -65,14 +65,6 @@ def execute(*args, **kw):
"admins": conf.get('cyrus-imap', 'admin_login'),
"postuser": "shared",
}
-
- if os.path.isfile('/usr/sbin/make-ssl-cert') and not
os.path.isfile('/etc/ssl/private/ssl-cert-snakeoil.key'):
- subprocess.call(['/usr/sbin/make-ssl-cert generate-default-
snakeoil'])
-
- if os.path.isfile('/etc/ssl/private/ssl-cert-snakeoil.key'):
- imapd_settings['tls_cert_file'] = "/etc/ssl/certs/ssl-cert-
snakeoil.pem"
- imapd_settings['tls_ca_file'] = "/etc/ssl/certs/ssl-cert-snakeoil.pem"
- imapd_settings['tls_key_file'] = "/etc/ssl/private/ssl-cert-
snakeoil.key"
template_file = None
diff --git a/pykolab/setup/setup_mta.py b/pykolab/setup/setup_mta.py
index 40e6555..c02b024 100644
--- a/pykolab/setup/setup_mta.py
+++ b/pykolab/setup/setup_mta.py
@@ -212,15 +212,10 @@ result_attribute = mail
if os.path.isfile('/etc/pki/tls/certs/make-dummy-cert') and not
os.path.isfile('/etc/pki/tls/private/localhost.pem'):
subprocess.call(['/etc/pki/tls/certs/make-dummy-cert',
'/etc/pki/tls/private/localhost.pem'])
- elif os.path.isfile('/usr/sbin/make-ssl-cert') and not
os.path.isfile('/etc/ssl/private/ssl-cert-snakeoil.key'):
- subprocess.call(['/usr/sbin/make-ssl-cert generate-default-
snakeoil'])
if os.path.isfile('/etc/pki/tls/private/localhost.pem'):
postfix_main_settings['smtpd_tls_cert_file'] =
"/etc/pki/tls/private/localhost.pem"
postfix_main_settings['smtpd_tls_key_file'] =
"/etc/pki/tls/private/localhost.pem"
- elif os.path.isfile('/etc/ssl/private/ssl-cert-snakeoil.key'):
- postfix_main_settings['smtpd_tls_cert_file'] =
"/etc/ssl/certs/ssl-cert-snakeoil.pem"
- postfix_main_settings['smtpd_tls_key_file'] =
"/etc/ssl/private/ssl-cert-snakeoil.key"
if not os.path.isfile('/etc/postfix/main.cf'):
if os.path.isfile('/usr/share/postfix/main.cf.debian'):
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.kolab.org/pipermail/devel/attachments/20121219/1d51fcc2/attachment.sig>
More information about the devel
mailing list