Self Signed SSL certs
Reuben D. Budiardja
techlist at voyager.phys.utk.edu
Thu Jun 24 19:57:24 UTC 2004
On Thursday 24 June 2004 03:31 pm, Chris Barnes wrote:
> Is there a good HOWTO that will show a person that has a medium level of
> Linux knowledge how to create and use a self signed SSL certificate on a
> Fedora core 1 system?
>
> My intended uses are for imaps, pop3s, & https (squirrelmail via secure
> connection).
I haven't tried this specifically on a Fedora Core 1 system, but I assume it
should be something similar. I've done this for RHEL 3 (Fedora-specific
questions should be sent to the fedora-list anyway).
Red Hat usually already has a generic certificate for imaps and pop3s. All you
need to do is enable the service by either editing /etc/xinetd.conf/imaps
and /etc/xinetd.conf/pop3s, then restarting xinetd, or running:
$> chkconfig pop3s on
$> chkconfig imaps on
Try those first, and it's easy to test if imaps and ipops are working or not. Just
get a mail client that supports it and try to connect to the server.
If you need to create/recreate your own certificate, in the directory:
/usr/share/ssl/certs there is a Makefile. Run that and answer the questions,
and you should get a new certificate for imaps and pop3s.
For Apache, I followed the guide here:
https://www.redhat.com/docs/manuals/enterprise/RHEL-3-Manual/sysadmin-guide/
look at chapter 27. I assume it should be something similar to that.
> This should include *everything* including the needed changes to
> iptables, re-doing apache (modsll?), and any changes to sendmail.mc.
Your IP tables should allow connection to ports:
995 for pop3s
993 for imaps
443 for https
mod_ssl should already be included by your Apache version, so you don't need
to recompile.
No need to do any changes to sendmail.mc.
If your squirrelmail is on the same host with the IMAP server, then you
probably don't really need secure imap (imaps). All you need is secure HTTP.
Hope that helps.
RDB
--
Reuben D. Budiardja
Department of Physics and Astronomy
The University of Tennessee, Knoxville, TN
---------------------------------------------------------
"To be a nemesis, you have to actively try to destroy
something, don't you? Really, I'm not out to destroy
Microsoft. That will just be a completely unintentional
side effect."
- Linus Torvalds -
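
A non-interactive way to create and check a self-signed certificate with the openssl command line, added here as an example; it is not part of the original post and not the Red Hat Makefile. The host name mail.example.test, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Host and file names are constructed.

# make_self_signed HOST DIR: write DIR/HOST.key (mode 600) and DIR/HOST.crt.
# -addext needs OpenSSL 1.1.1 or newer; the SAN is what current HTTPS clients match.
make_self_signed() {
    host=$1 dir=$2
    mkdir -p "$dir" || return 1
    ( umask 077    # the private key must never be group/world readable
      openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null ) || return 1
    chmod 644 "$dir/$host.crt"
}

# is_self_signed CERT: true when subject equals issuer and the signature
# verifies against the certificate's own public key.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# cert_fingerprint CERT: SHA-256 fingerprint to hand to users out of band.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# expires_within DAYS CERT: true when CERT expires in fewer than DAYS days.
expires_within() {
    ! openssl x509 -in "$2" -noout -checkend "$(( $1 * 86400 ))" >/dev/null
}

# Demo in a throwaway directory.
demo=$(mktemp -d)
if make_self_signed mail.example.test "$demo" &&
   is_self_signed "$demo/mail.example.test.crt"; then
    echo "fingerprint: $(cert_fingerprint "$demo/mail.example.test.crt")"
    if expires_within 30 "$demo/mail.example.test.crt"; then echo "renew soon"; fi
fi
rm -rf "$demo"
```

The key is written unencrypted (-nodes) so the mail and web daemons can start unattended, which is why its file mode matters. Users comparing the printed fingerprint with what their client shows is the only identity check a self-signed certificate offers.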