RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Tag: SSL
Renew certificates for Postfix and Courier on ISPConfig
mx1 ~ # cd /root/ssl-zertifikat/
mx1 ~/ssl-zertifikat # mkdir ./archiv/2016
mx1 ~/ssl-zertifikat # mv ./* ./archiv/2016
mx1 ~/ssl-zertifikat # openssl genrsa -des3 -out mx1.wiretrip.de.key 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)
Enter pass phrase for mx1.wiretrip.de.key:
Verifying - Enter pass phrase for mx1.wiretrip.de.key:
mx1 ~/ssl-zertifikat # openssl req -new -key mx1.wiretrip.de.key -out mx1.wiretrip.de.csr
Enter pass phrase for mx1.wiretrip.de.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BY
Locality Name (eg, city) []:NUREMBERG
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WIRETRIP WEB ARCHITECTURE
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:mx1.wiretrip.de
Email Address []:----@wiretrip.de
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:WIRETRIP WEB ARCHITECTURE
mx1 ~/ssl-zertifikat # openssl x509 -req -days 365 -in mx1.wiretrip.de.csr -signkey mx1.wiretrip.de.key -out mx1.wiretrip.de.crt
Signature ok
subject=/C=DE/ST=BY/L=NUREMBERG/O=WIRETRIP WEB ARCHITECTURE/OU=IT/CN=mx1.wiretrip.de/emailAddress=----@wiretrip.de
Getting Private key
Enter pass phrase for mx1.wiretrip.de.key
mx1 ~/ssl-zertifikat # openssl rsa -in mx1.wiretrip.de.key -out mx1.wiretrip.de.key.nopass
Enter pass phrase for mx1.wiretrip.de.key:
writing RSA key
mx1 ~/ssl-zertifikat # mv mx1.wiretrip.de.key.nopass mx1.wiretrip.de.key
mx1 ~/ssl-zertifikat # openssl req -new -x509 -extensions v3_ca -keyout cakey.pem -out cacert.pem -days 3650
Generating a 2048 bit RSA private key
writing new private key to 'cakey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:DE
State or Province Name (full name) [Some-State]:BY
Locality Name (eg, city) []:NUREMBERG
Organization Name (eg, company) [Internet Widgits Pty Ltd]:WIRETRIP WEB ARCHITECTURE
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:mx1.wiretrip.de
Email Address []:----@wiretrip.de
mx1 ~/ssl-zertifikat # cd /etc/postfix/
mx1 /etc/postfix # mv smtpd.cert smtpd.cert.old
mx1 /etc/postfix # mv smtpd.key smtpd.key.old
mx1 /etc/postfix # cp -a /root/ssl-zertifikat/mx1.wiretrip.de.crt ./
mx1 /etc/postfix # cp -a /root/ssl-zertifikat/mx1.wiretrip.de.key ./
mx1 /etc/postfix # chmod 600 ./mx1.wiretrip.de.key
mx1 /etc/postfix # chmod 600 ./mx1.wiretrip.de.crt
mx1 /etc/postfix # mv mx1.wiretrip.de.crt ./smtpd.cert
mx1 /etc/postfix # mv mx1.wiretrip.de.key ./smtpd.key
mx1 /etc/postfix # /etc/init.d/postfix restart
[ ok ] Stopping Postfix Mail Transport Agent: postfix.
[ ok ] Starting Postfix Mail Transport Agent: postfix.
mx1 /etc/postfix # cd /etc/courier
mx1 /etc/courier # rm -f /etc/courier/imapd.pem
mx1 /etc/courier # rm -f /etc/courier/pop3d.pem
mx1 /etc/courier # vim /etc/courier/imapd.cnf
mx1 /etc/courier # vim /etc/courier/pop3d.cnf
mx1 /etc/courier :( # rm -f /usr/lib/courier/imapd.pem
mx1 /etc/courier # rm -f /usr/lib/courier/pop3d.pem
mx1 /etc/courier # mkimapdcert
Generating a 1024 bit RSA private key
writing new private key to '/usr/lib/courier/imapd.pem'
-----
1024 semi-random bytes loaded
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
subject= /C=DE/ST=BY/L=NUERNBERG/O=WIRETRIP WEB ARCHITECTURE/OU=IT/CN=mx1.wiretrip.de/emailAddress=----@wiretrip.de
notBefore=Sep 15 14:05:59 2014 GMT
notAfter=Sep 15 14:05:59 2015 GMT
mx1 /etc/courier # mkpop3dcert
Generating a 1024 bit RSA private key
writing new private key to '/usr/lib/courier/pop3d.pem'
-----
1024 semi-random bytes loaded
Generating DH parameters, 512 bit long safe prime, generator 2
This is going to take a long time
subject= /C=DE/ST=BY/L=NUERNBERG/O=WIRETRIP WEB ARCHITECTURE/OU=IT/CN=mx1.wiretrip.de/emailAddress=----@wiretrip.de
notBefore=Sep 15 14:06:13 2014 GMT
notAfter=Sep 15 14:06:13 2015 GMT
mx1 /etc/courier # cp -a /usr/lib/courier/pop3d.pem ./
mx1 /etc/courier # cp -a /usr/lib/courier/imapd.pem ./
mx1 /etc/courier # /etc/init.d/courier-imap-ssl restart
mx1 /etc/courier # /etc/init.d/courier-pop-ssl restart
mx1 /etc/courier # /etc/init.d/courier-imap restart
mx1 /etc/courier # /etc/init.d/courier-pop restart
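
Added example, not part of the original post: a post-renewal check for the files the session installs (/etc/postfix/smtpd.cert and smtpd.key, /etc/courier/imapd.pem and pop3d.pem). It verifies that each key belongs to its certificate and loads without a passphrase, that the certificate is not about to expire, and that the key size is adequate, which matters here because the mkimapdcert and mkpop3dcert output above reports 1024-bit RSA keys. The 2048-bit and 30-day thresholds, the function names and the --run switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: checks for the certificate files deployed in the session above.
# MIN_BITS and WARN_DAYS are assumed thresholds, not values from the page.
MIN_BITS=${MIN_BITS:-2048}
WARN_DAYS=${WARN_DAYS:-30}

# Print the public key size in bits of the certificate in PEM file $1.
cert_bits() {
    openssl x509 -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Succeed if the certificate in $1 is still valid WARN_DAYS from now.
not_expiring() {
    openssl x509 -noout -checkend $((WARN_DAYS * 86400)) -in "$1" >/dev/null 2>&1
}

# Succeed if $2 holds the unencrypted private key of the certificate in $1.
# "-passin pass:" supplies an empty passphrase so an encrypted key fails the check.
key_matches_cert() {
    c=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    k=$(openssl pkey -pubout -in "$2" -passin pass: 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Check one certificate/key pair; print findings, return the number of failures.
check_pair() {
    fails=0
    bits=$(cert_bits "$1")
    [ "${bits:-0}" -ge "$MIN_BITS" ] ||
        { echo "WEAK   $1: ${bits:-unknown}-bit key, want >= $MIN_BITS"; fails=$((fails + 1)); }
    not_expiring "$1" ||
        { echo "EXPIRY $1: unreadable or expires within $WARN_DAYS days"; fails=$((fails + 1)); }
    key_matches_cert "$1" "$2" ||
        { echo "KEY    $2: missing, encrypted, or not the key for $1"; fails=$((fails + 1)); }
    return "$fails"
}

# Paths from the session above; Courier keeps key and certificate in one PEM file.
check_all() {
    rc=0
    check_pair /etc/postfix/smtpd.cert /etc/postfix/smtpd.key || rc=1
    for pem in /etc/courier/imapd.pem /etc/courier/pop3d.pem; do
        check_pair "$pem" "$pem" || rc=1
    done
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then check_all; fi
```

Run it as root with `--run` after the service restarts; a nonzero exit status means at least one file was flagged.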