ASIX/M08/UF3/PT11/33
Create an SSL certificate
First of all, we need to create an SSL certificate together with its private key:
[root@mail ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/certs/server.key -out /etc/pki/tls/certs/server.crt
Generating a 2048 bit RSA private key
.....+++
................+++
writing new private key to '/etc/pki/tls/certs/server.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ES
State or Province Name (full name) []:Catalunya
Locality Name (eg, city) [Default City]:Tona
Organization Name (eg, company) [Default Company Ltd]:Boeck
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:mail.boeck.cat
Email Address []:guillem@boeck.cat
Configuration
Edit /etc/postfix/main.cf and add the following at the end:
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
This tells Postfix to use TLS and gives it the certificate and the private key it will use to encrypt communications. These certificates are self-signed and were generated in the previous section; therefore, they will not be trusted by a third party.
In the file /etc/postfix/master.cf:
- Lines 26-28: uncomment.
smtps     inet  n       -       n       -       -       smtpd
#  -o syslog_name=postfix/smtps
  -o smtpd_tls_wrappermode=yes
In the file /etc/dovecot/conf.d/10-ssl.conf:
- Line 8: edit.
ssl = yes
- Lines 14-15: uncomment and edit.
ssl_cert = </etc/pki/tls/certs/server.crt
ssl_key = </etc/pki/tls/certs/server.key
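
An added example, not part of the original page: a small Python audit that parses the three files edited above and reports TLS settings that are missing, plus any referenced private key whose file mode lets group or others access it. The function names, finding strings and SAMPLE are constructed for this illustration; the parameters are the ones shown on the page, and `ssl = required` is also accepted as an enabled Dovecot value.

```python
import os, re

def parse_main_cf(text):
    """Postfix main.cf: '#' lines are comments, indented lines continue a value, last setting wins."""
    params, name = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and name:
            params[name] += " " + line.strip()
        else:
            name, _, value = (s.strip() for s in line.partition("="))
            params[name] = value
    return params

def smtps_overrides(text):
    """-o overrides of the active smtps entry in master.cf; None if the entry is commented out."""
    found, active = None, False
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if not line[0].isspace():          # a service entry starts in column 0
            active = line.split()[0] == "smtps"
            found = {} if active else found
        elif active:                       # indented line: continuation carrying -o options
            found.update(re.findall(r"-o\s+(\w+)\s*=\s*(\S+)", line))
    return found

def audit(main_cf, master_cf, dovecot_ssl):
    """Findings for the three files (as strings); a leading '<' on Dovecot values is dropped."""
    p, o = parse_main_cf(main_cf), smtps_overrides(master_cf)
    d = dict(re.findall(r"^[ \t]*(\w+)[ \t]*=[ \t]*<?[ \t]*(\S+)", dovecot_ssl, re.M))
    findings = []
    if p.get("smtpd_use_tls") != "yes":
        findings.append("main.cf: smtpd_use_tls is not yes")
    if o is None or o.get("smtpd_tls_wrappermode") != "yes":
        findings.append("master.cf: smtps lacks smtpd_tls_wrappermode=yes")
    if d.get("ssl") not in ("yes", "required"):
        findings.append("10-ssl.conf: ssl is not enabled")
    for key in sorted({p.get("smtpd_tls_key_file"), d.get("ssl_key")} - {None}):
        if os.path.isfile(key) and os.stat(key).st_mode & 0o077:   # skipped if file is absent
            findings.append(f"{key}: private key accessible by group or others")
    return findings

# Constructed sample: the page's settings, with the smtps entry still commented out.
SAMPLE = ("smtpd_use_tls = yes\nsmtpd_tls_key_file = /etc/pki/tls/certs/server.key\n",
          "#smtps inet n - n - - smtpd\n#  -o smtpd_tls_wrappermode=yes\n",
          "ssl = yes\nssl_key = </etc/pki/tls/certs/server.key\n")
if __name__ == "__main__":
    print(audit(*SAMPLE))
```

On the server, pass the contents of /etc/postfix/main.cf, /etc/postfix/master.cf and /etc/dovecot/conf.d/10-ssl.conf as the three strings; an empty list means nothing was flagged.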