little DA + Apache + Dovecot + Exim SSL FAQ


Hello,

So I’ve bought DA and wanted to secure it with an SSL certificate. I bought one from a vendor. Here are the instructions on how to use this SSL cert on the DA panel, Apache, Dovecot and Exim.

# First, we generate the private key and the CSR (certificate signing request): (source: http://help.directadmin.com/item.php?id=256 )

cd /root
/usr/bin/openssl genrsa 2048 > private.key
/usr/bin/openssl req -new -key private.key

# after we provide the vendor with the CSR, we get the certificate file back…

# before moving certificates, we back up old DA certificate files:
mv /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/cacert.pem.`date +'%Y-%m-%d.%H%M%S'`
mv /usr/local/directadmin/conf/cakey.pem /usr/local/directadmin/conf/cakey.pem.`date +'%Y-%m-%d.%H%M%S'`

# now we move the private key we generated (the one the CSR was made from):
mv /root/private.key /usr/local/directadmin/conf/cakey.pem
# then we paste the certificate we got from the vendor
# into: /usr/local/directadmin/conf/cacert.pem

#now we fix permissions:
chown root:root /usr/local/directadmin/conf/cacert.pem
chmod 600 /usr/local/directadmin/conf/cacert.pem
chown root:root /usr/local/directadmin/conf/cakey.pem
chmod 600 /usr/local/directadmin/conf/cakey.pem

# at this point DirectAdmin itself is done.

#Apache configuration…:

# we back up old Apache certificates
mv /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.crt/server.crt.`date +'%Y-%m-%d.%H%M%S'`
mv /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server.key.`date +'%Y-%m-%d.%H%M%S'`

#Link new certificates from DirectAdmin panel to Apache:
ln -s /usr/local/directadmin/conf/cacert.pem /etc/httpd/conf/ssl.crt/server.crt
ln -s /usr/local/directadmin/conf/cakey.pem /etc/httpd/conf/ssl.key/server.key

# Apache done.

# Dovecot uses the Apache certificate paths, so there is nothing to do for it.

# Exim:
# backing up old Exim certificates
mv /etc/exim.cert /etc/exim.cert.`date +'%Y-%m-%d.%H%M%S'`
mv /etc/exim.key /etc/exim.key.`date +'%Y-%m-%d.%H%M%S'`

# we can't symlink these: Exim needs read access to the cert and the key,
# and both DirectAdmin files are owned by root:root with mode 600,
# so we copy them and change the ownership and permissions:

cp /usr/local/directadmin/conf/cacert.pem /etc/exim.cert
chown mail:mail /etc/exim.cert
chmod 600 /etc/exim.cert

cp /usr/local/directadmin/conf/cakey.pem /etc/exim.key
chown mail:mail /etc/exim.key
chmod 600 /etc/exim.key

# Exim done

# restart services
/etc/init.d/httpd restart
/etc/init.d/dovecot restart
/etc/init.d/exim restart
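
A check worth running before the restarts above, as an added example that is not part of the original post: it confirms that a certificate really belongs to the private key next to it, that the key is not readable by group or other, and that the certificate has not expired. The function names are this example's own, `openssl` is assumed to be on the PATH, and the demo pair is constructed test data.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair before a restart.
# Function names are hypothetical (this example's own); requires openssl.

# True when the certificate's public key equals the private key's public half.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# True when the file grants nothing to group or other (e.g. mode 600 or 400).
key_is_private() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# True when the certificate has not expired yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run all checks on one pair; prints one line per failure, returns the count.
check_pair() {
    fails=0
    cert_matches_key "$1" "$2" || { echo "MISMATCH or unreadable: $1 vs $2"; fails=$((fails+1)); }
    key_is_private "$2"        || { echo "LOOSE PERMS: $2"; fails=$((fails+1)); }
    cert_not_expired "$1"      || { echo "EXPIRED: $1"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample data: a throwaway self-signed pair plus an unrelated key.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example.test" \
        -keyout "$1/good.key" -out "$1/good.crt" >/dev/null 2>&1
    openssl genrsa -out "$1/other.key" 2048 >/dev/null 2>&1
    chmod 600 "$1/good.key" "$1/other.key"
}

# Demo on the constructed pair; on the server pass the real paths instead, e.g.
#   check_pair /etc/exim.cert /etc/exim.key
tmp=$(mktemp -d) && make_sample "$tmp"
check_pair "$tmp/good.crt" "$tmp/good.key" && echo "good pair: OK"
check_pair "$tmp/good.crt" "$tmp/other.key" || echo "wrong key: $? problem(s)"
rm -rf "$tmp"
```

Because the Exim files are copies rather than symlinks, they need their own check, and they need to be copied again whenever the certificate is renewed.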

Maybe such a post exists, but I did find it then 🙁
