Author Topic: SSL for the mail server?  (Read 420 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
SSL for the mail server?
« on: February 03, 2019, 10:31:12 PM »
Hi,

Setting the SSL for the main domain was surprisingly fast and easy.

How can it be applied to the mail server?

My host in postfix is:

Current Settings in Postfix:
mydomain = example.com
myhostname = mail.example.com

Anyone know how to add the SSL to mail.example.com so that mail clients can connect securely?

Thanks!

Offline
*
Re: SSL for the mail server?
« Reply #1 on: February 03, 2019, 11:22:58 PM »
Hi,

Here is what I made to add a SSL for my mail server:

Keep in mind: The location for generated csr and key are in /etc/pki/tls/certs (for csr) and /etc/pki/tls/private (for key)

1. I bought a SSL certificate Comodo Positive SSL (it was the cheapest, any certificate would do this trick.) for the hostname (in your example: mail.domain.example).
2. Upload the generated certificates (yourdomainname.crt and yourdomainname.ca-bundle) on /etc/pki/tls/.
3. Combine the uploaded files into one:
Code: [Select]
cat /etc/pki/tls/yourdomainname.crt /etc/pki/tls/yourdomainname.ca-bundle >> /etc/pki/tls/certificate.crt4. Open /etc/postfix/main.cf and edit the lines:
Code: [Select]
smtpd_tls_cert_file=/etc/pki/tls/certificate.crt
smtpd_tls_key_file=/etc/pki/tls/private/yourdomainname.key
5. Delete from /etc/postfix/main.cf the lines with CAcert file, I had 2 of them in the file.
6. Open /etc/dovecot/dovecot.conf and edit the lines:
Code: [Select]
ssl_cert = </etc/pki/tls/certificate.crt
ssl_key = </etc/pki/tls/private/yourdomainname.key
7. Save and close the files, restart mail services, and your mail server SSL is working 100%.

Just be sure to enter the right path for your files! Verify your paths first.

Offline
*
Re: SSL for the mail server?
« Reply #2 on: February 04, 2019, 04:05:33 AM »
Is this not possible with the free Let's Encrypt one available through the Web Panel?

Offline
*
Re: SSL for the mail server?
« Reply #3 on: February 04, 2019, 04:14:29 PM »
Here it is : goo.gl/Ys764T , This is google short link url .

direct link: http://forum.centos-webpanel.com/ssl/install-let'sencrypt-for-admin-panel-user-panel-again-100-working/

I wrote a blog on http://forum.centos-webpanel.com regarding Let's Encrypt SSL Certificate for CentOS Web Panel when "Letsencrypt Manager"  option was exist under Apache Settings >> Letsencrypt Manager >> Install Letsencrypt .

At Present CWP Team has been removed "Letsencrypt Manager"  that's why it will not renew any cert automatic . They made Auto SSL by default but Auto SSL grade is B and I'm not satisfied with Auto SSL.

Previous Article Link : http://forum.centos-webpanel.com/ssl/install-letsencrypt-ssl-certificate-for-your-server-hostnamefqdn-100-working/

Offline
*
Re: SSL for the mail server?
« Reply #4 on: February 06, 2019, 01:08:54 AM »
Ok, even though you don't like it, can auto ssl be put on the mail server?