Self Signed SSL certs

Reuben D. Budiardja techlist at voyager.phys.utk.edu
Thu Jun 24 19:57:24 UTC 2004


On Thursday 24 June 2004 03:31 pm, Chris Barnes wrote:
> Is there a good HOWTO that will show a person that has a medium level of
> Linux knowledge how to create and use a self signed SSL certificate on a
> Fedora Core 1 system?
>
> My intended uses are for imaps, pop3s, & https (squirrelmail via secure
> connection).

I haven't tried this specifically on a Fedora Core 1 system, but I assume it
should be something similar. I've done this for RHEL 3 (Fedora-specific
questions should be sent to the fedora-list anyway).

Red Hat usually already has a generic certificate for imaps and pop3s. All you
need to do is enable the service, either by editing /etc/xinetd.conf/imaps
and /etc/xinetd.conf/pop3s and then restarting xinetd, or by running:
$> chkconfig pop3s on
$> chkconfig imaps on

Try those first; it's easy to test whether imaps and ipops are working or not.
Just get a mail client that supports them and try to connect to the server.

If you need to create/recreate your own certificate, there is a Makefile in
the directory /usr/share/ssl/certs. Run that and answer the questions,
and you should get a new certificate for imaps and pop3s.

For Apache, I followed the guide here:
https://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/sysadmin-guide/

Look at chapter 27. I assume it should be something similar to that.

> This should include *everything* including the needed changes to
> iptables, re-doing apache (modsll?), and any changes to sendmail.mc.

Your iptables rules should allow connections to ports:
995 for pop3s
993 for imaps
443 for https

mod_ssl should already be included with your Apache version, so you don't need
to recompile.

No need to make any changes to sendmail.mc.

If your squirrelmail is on the same host as the IMAP server, then you
probably don't really need secure imap (imaps). All you need is secure HTTP.

Hope that helps.
RDB

-- 
Reuben D. Budiardja
Department of Physics and Astronomy
The University of Tennessee, Knoxville, TN
---------------------------------------------------------
"To be a nemesis, you have to actively try to destroy 
something, don't you? Really, I'm not out to destroy 
Microsoft. That will just be a completely unintentional 
side effect."
                 - Linus Torvalds -
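
Added example, not part of the original message: one way to create a self-signed certificate directly with the openssl command line and to check what mail and web clients will be shown when they connect. The hostname mail.example.test, the function names and the throwaway output directory are assumptions; the -addext option needs OpenSSL 1.1.1 or newer.

```bash
#!/usr/bin/env bash
# Added example: create a self-signed certificate and inspect it.
# Hostname, function names and paths are assumptions, not from the original post.

# make_selfsigned DIR HOST [DAYS] -> writes DIR/HOST.key and DIR/HOST.crt
make_selfsigned() {
    local dir=$1 host=$2 days=${3:-365}
    (
        umask 077   # the private key must not be readable by other users
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$days" \
            -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/$host.crt"   # the certificate itself is public
}

# is_self_signed CERT -> 0 if issuer equals subject and the signature
# verifies with the certificate's own public key
is_self_signed() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# cert_fingerprint CERT -> SHA-256 fingerprint; users compare this with the
# value in their client's "untrusted certificate" prompt before accepting it
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# expires_within CERT DAYS -> 0 if the certificate expires within DAYS days
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo in a throwaway directory with a constructed hostname
demo_dir=$(mktemp -d)
make_selfsigned "$demo_dir" mail.example.test 365
is_self_signed "$demo_dir/mail.example.test.crt" && echo "self-signed: yes"
echo "SHA-256 fingerprint: $(cert_fingerprint "$demo_dir/mail.example.test.crt")"
if expires_within "$demo_dir/mail.example.test.crt" 30; then
    echo "renew soon"
fi
rm -rf "$demo_dir"
```

Because no CA vouches for a self-signed certificate, the fingerprint is the only thing a user can check; publish it over a separate trusted channel so the client warning can be verified rather than clicked through.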