These pages contain several howtos about creating and installing SSL certificates. Although most of them are correct, they generate too many certificates and lack a common directory in which to store the certs.

You can go to this page on the forum for more information or discussion about this page: http://www.isp-control.net/forum/thread-6327.html

This is just another procedure, partially based on [[http://www.isp-control.net/documentation/howto/security/create_your_own_ssl_ca_and_secure_multiple_services#create_the_certificate_for_the_postfix_server|this]].

===== 1. Installing dependencies =====

<code>
apt-get install openssl
</code>

===== 2. Generate the certificates =====

This is the fastest way to generate certificates. You get two different keys: a password-protected one and a passwordless one.

<code>
SERVER_NAME=your_host_name
cd /etc/ssl/certs
echo $SERVER_NAME
# Password-protected 2048-bit RSA key (prompts for a passphrase)
openssl genrsa -des3 -out $SERVER_NAME-pass.key 2048
# Certificate signing request
openssl req -new -key $SERVER_NAME-pass.key -out $SERVER_NAME.csr
# Passwordless copy of the key, the one the services load
openssl rsa -in $SERVER_NAME-pass.key -out $SERVER_NAME.key
# Self-signed certificate, valid for 365 days
openssl x509 -req -days 365 -in $SERVER_NAME.csr -signkey $SERVER_NAME.key -out $SERVER_NAME.crt
# Restrict permissions on the files just created only,
# not on every certificate already stored in /etc/ssl/certs
chmod 444 $SERVER_NAME.crt
chmod 400 $SERVER_NAME.key $SERVER_NAME-pass.key
</code>

===== 3. Dovecot ssl for imaps and pop3s =====

Change these lines in dovecot.conf:

<code>
# Replace $SERVER_NAME with your real server name
protocols = imap pop3 imaps pop3s
ssl_disable = no
#Certificate
ssl_cert_file = /etc/ssl/certs/$SERVER_NAME.crt
#Keys
ssl_key_file = /etc/ssl/certs/$SERVER_NAME.key
</code>

===== 4. Postfix ssl for smtps =====

Add these lines to /etc/postfix/main.cf:

<code>
# TLS parameters; activate, if available/used
# Replace $SERVER_NAME with your real server name
smtpd_use_tls = yes
smtpd_tls_loglevel = 2
smtpd_tls_cert_file = /etc/ssl/certs/$SERVER_NAME.crt
smtpd_tls_key_file = /etc/ssl/certs/$SERVER_NAME.key
#smtpd_tls_auth_only = no
smtpd_tls_received_header = yes
</code>

FIXME: Add config details for courier

FIXME: Add config details for vsftpd

===== 5. Apache ssl for the admin login =====

Your best bet for this is to follow the guide here: http://www.isp-control.net/documentation/doku.php?id=howto:defaultport

The advantage of that solution is that port 443 stays available for your hosting customers (look at http://www.isp-control.net/documentation/howto/both_https_and_not_https_when_creating_a_domain) and that you also have a generic address to give to the customers (e.g. go to https://yourdomain.com:8443).

#Old version

Enable the ssl module for Apache:

<code>
a2enmod ssl
</code>

Add "Listen 443" to /etc/apache2/ports.conf, then reload Apache:

<code>
/etc/init.d/apache2 reload
</code>

Add these lines to /etc/apache2/sites-available/00_master.conf and change the port from 80 to 443. Remember to change $SERVER_NAME into your real server name.

<code>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/$SERVER_NAME.crt
SSLCertificateKeyFile /etc/ssl/certs/$SERVER_NAME.key
ServerName $SERVER_NAME
ServerAlias admin.$SERVER_NAME
ServerAdmin admin@grn.es
</code>

<code>
/etc/init.d/apache2 reload
</code>

===== Here is a sample 00_master.conf with a mod_rewrite part that moves you from http to https. =====

<code>
#
# Master Begin
#

<VirtualHost XXX.XXX.XXX.XXX:80>
    ServerAdmin     admin@yourdomain.com
    DocumentRoot    /var/www/ispcp/gui
    ServerName      admin.yourdomain.com

    # Send every plain-http request to https
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    RewriteRule ^(.*)$ https://www.yourdomain.com$1 [R,L]

    ErrorLog        /var/log/apache2/users/admin.yourdomain.com-error.log
    TransferLog     /var/log/apache2/users/admin.yourdomain.com-access.log
    CustomLog       /var/log/apache2/admin.yourdomain.com-traf.log traff
    CustomLog       /var/log/apache2/admin.yourdomain.com-combined.log combined
</VirtualHost>

NameVirtualHost XXX.XXX.XXX.XXX:443

<VirtualHost XXX.XXX.XXX.XXX:443>
    SSLEngine On
    SSLCertificateFile      /etc/ssl/certs/yourdomain.com.crt
    SSLCertificateKeyFile   /etc/ssl/certs/yourdomain.com.key

    ServerAdmin     admin@yourdomain.com
    DocumentRoot    /var/www/ispcp/gui
    ServerName      admin.yourdomain.com

    ErrorLog        /var/log/apache2/users/admin.yourdomain.com-error.log
    TransferLog     /var/log/apache2/users/admin.yourdomain.com-access.log
    CustomLog       /var/log/apache2/admin.yourdomain.com-traf.log traff
    CustomLog       /var/log/apache2/admin.yourdomain.com-combined.log combined

    Alias /errors   /var/www/ispcp/gui/errordocs/
    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html

    Alias /pma      /var/www/ispcp/gui/tools/pma/
    Alias /webmail  /var/www/ispcp/gui/tools/webmail/
    Alias /ftp      /var/www/ispcp/gui/tools/filemanager/

    SuexecUserGroup vu2000 vu2000

    <Directory /var/www/ispcp/gui>
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>

    ScriptAlias /php4/ /var/www/fcgi/master/
    ScriptAlias /php5/ /var/www/fcgi/master/
    <Directory "/var/www/fcgi/master">
        AllowOverride None
        Options +ExecCGI MultiViews -Indexes
        Order allow,deny
        Allow from all
    </Directory>

    php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
    php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
    php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
</VirtualHost>

#
# Master End
#
</code>