
In these pages there are several Howtos about creating and installing ssl certificates. Although most of them are correct, they generate too many certificates and lack a common directory in which to store the certs.

You can go to this page on the forum for more information or discussion about this page. http://www.isp-control.net/forum/thread-6327.html

This is just another procedure, partially based on the one referenced here.

1. Installing dependencies

apt-get install openssl

2. Generate the certificates

This is the fastest way to generate a self-signed certificate: you get two different keys, a password-protected one and a passwordless one.

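# Host name the certificate is issued for - edit this before running.
SERVER_NAME=your_host_name
# Directory the four files are written to. Steps 3-5 below hard-code this
# path, so keep them in sync if you change it.
CERT_DIR=/etc/ssl/certs

printf '%s\n' "$SERVER_NAME"
# Passphrase-protected private key (you are prompted for the passphrase).
openssl genrsa -aes256 -out "$CERT_DIR/$SERVER_NAME-pass.key" 2048
# Certificate signing request; when prompted, use the host name as the CN.
openssl req -new -key "$CERT_DIR/$SERVER_NAME-pass.key" -out "$CERT_DIR/$SERVER_NAME.csr"
# Passwordless copy of the same key so the daemons can start unattended.
openssl rsa -in "$CERT_DIR/$SERVER_NAME-pass.key" -out "$CERT_DIR/$SERVER_NAME.key"
# Self-signed certificate valid for one year (clients will warn about it).
openssl x509 -req -days 365 -sha256 -in "$CERT_DIR/$SERVER_NAME.csr" \
  -signkey "$CERT_DIR/$SERVER_NAME.key" -out "$CERT_DIR/$SERVER_NAME.crt"
# Restrict permissions on the files just created only; a bare *.crt / *.key
# glob would also touch every other certificate stored in this directory.
chmod 444 -- "$CERT_DIR/$SERVER_NAME.crt"
chmod 400 -- "$CERT_DIR/$SERVER_NAME.key" "$CERT_DIR/$SERVER_NAME-pass.key"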

3. Dovecot ssl for imaps and pop3s

Change these lines in dovecot.conf

# Serve the SSL variants next to the plain protocols.
protocols = imap pop3 imaps pop3s
ssl_disable = no
# Certificate and key generated in step 2. Replace $SERVER_NAME with the real
# host name (as the Apache section reminds you); it is not a shell variable here.
#Certificate
ssl_cert_file = /etc/ssl/certs/$SERVER_NAME.crt
#Keys
ssl_key_file = /etc/ssl/certs/$SERVER_NAME.key

4. Postfix ssl for smtps

Add these lines to /etc/postfix/main.cf

# TLS parameters; activate, if available/used.
# Replace $SERVER_NAME with the real host name used in step 2; a literal
# $SERVER_NAME in main.cf is not taken from the shell environment.
smtpd_use_tls               = yes
# Level 2 is more verbose than the usual 1; lower it once TLS is known to work.
smtpd_tls_loglevel          = 2
smtpd_tls_cert_file         = /etc/ssl/certs/$SERVER_NAME.crt
smtpd_tls_key_file          = /etc/ssl/certs/$SERVER_NAME.key
# Left disabled here. Setting it to "yes" offers AUTH only inside a TLS
# session, so client passwords are never sent in clear text.
#smtpd_tls_auth_only         = no
smtpd_tls_received_header   = yes

FIXME: Add config details for courier

FIXME: Add config details for vsftpd

5. Apache ssl for the admin login

Your best bet for this is to follow the guide here: http://www.isp-control.net/documentation/doku.php?id=howto:defaultport The advantage of that solution is that port 443 stays available for your customers' hosting (look at http://www.isp-control.net/documentation/howto/both_https_and_not_https_when_creating_a_domain) and you also get a generic address to give to the customers (e.g. go to https://yourdomain.com:8443).

#Old version

Enable ssl module for apache

a2enmod ssl
add "Listen 443" to /etc/apache2/ports.conf
/etc/init.d/apache2 reload

Add these lines into /etc/apache/sites_available/00_master.conf and change the port from 80 to 443. Remember to change $SERVER_NAME into your real server name.

# Replace $SERVER_NAME with your real server name; Apache does not expand it.
SSLEngine On
# Certificate and key generated in step 2.
SSLCertificateFile /etc/ssl/certs/$SERVER_NAME.crt
SSLCertificateKeyFile /etc/ssl/certs/$SERVER_NAME.key
ServerName $SERVER_NAME
ServerAlias admin.$SERVER_NAME
# Sample address from the original author; put your own contact here.
ServerAdmin admin@grn.es
/etc/init.d/apache2 reload

Here is a sample 00_master.conf with a mod_rewrite section that redirects you from http to https.

# 
# Master Begin 
# 
# Replace XXX.XXX.XXX.XXX with the server's IP and yourdomain.com with your
# real domain. The port-80 vhost only redirects to https; the port-443 vhost
# below serves the ispcp admin GUI.
<VirtualHost XXX.XXX.XXX.XXX:80>

    ServerAdmin     admin@yourdomain.com
    DocumentRoot    /var/www/ispcp/gui
    ServerName      admin.yourdomain.com
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80
    # NOTE(review): the redirect target host (www.) differs from this vhost's
    # ServerName (admin.); use admin.yourdomain.com unless www. is meant to
    # serve the same GUI. R without a code is a temporary (302) redirect;
    # use R=301 if the move is permanent.
    RewriteRule ^(.*)$ https://www.yourdomain.com$1 [R,L]
    ErrorLog        /var/log/apache2/users/admin.yourdomain.com-error.log
    TransferLog     /var/log/apache2/users/admin.yourdomain.com-access.log
    CustomLog       /var/log/apache2/admin.yourdomain.com-traf.log traff
    CustomLog       /var/log/apache2/admin.yourdomain.com-combined.log combined

</VirtualHost>

# Needed for name-based vhosts on Apache 2.2; no longer used on 2.4.
NameVirtualHost XXX.XXX.XXX.XXX:443 
 
<VirtualHost XXX.XXX.XXX.XXX:443>

    SSLEngine On
    # Certificate and key generated in step 2 (named after the server there).
    SSLCertificateFile /etc/ssl/certs/yourdomain.com.crt
    SSLCertificateKeyFile /etc/ssl/certs/yourdomain.com.key
    ServerAdmin     admin@yourdomain.com
    DocumentRoot    /var/www/ispcp/gui
    ServerName      admin.yourdomain.com
    ErrorLog        /var/log/apache2/users/admin.yourdomain.com-error.log
    TransferLog     /var/log/apache2/users/admin.yourdomain.com-access.log
    CustomLog       /var/log/apache2/admin.yourdomain.com-traf.log traff
    CustomLog       /var/log/apache2/admin.yourdomain.com-combined.log combined
    Alias /errors   /var/www/ispcp/gui/errordocs/
    ErrorDocument 401 /errors/401.html
    ErrorDocument 403 /errors/403.html
    ErrorDocument 404 /errors/404.html
    ErrorDocument 500 /errors/500.html
    ErrorDocument 503 /errors/503.html
    # Bundled tools exposed under the admin host.
    Alias /pma      /var/www/ispcp/gui/tools/pma/
    Alias /webmail  /var/www/ispcp/gui/tools/webmail/
    Alias /ftp      /var/www/ispcp/gui/tools/filemanager/
    <IfModule suexec_module>
           # presumably the ispcp master user/group; verify against your install
           SuexecUserGroup vu2000 vu2000
    </IfModule>
    <Directory /var/www/ispcp/gui>
        # Directory listings off. "Allow from all" makes the admin GUI
        # reachable from any address; narrow it to your management networks
        # if the interface should not be public.
        Options -Indexes Includes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    <IfModule mod_fastcgi.c>
        ScriptAlias /php4/ /var/www/fcgi/master/
        ScriptAlias /php5/ /var/www/fcgi/master/
        <Directory "/var/www/fcgi/master">
            AllowOverride None
            Options +ExecCGI MultiViews -Indexes
            Order allow,deny
            Allow from all
        </Directory>
    </IfModule>
    <IfModule mod_php4.c>
        <Directory /var/www/ispcp/gui>
            # open_basedir confines PHP file access to the listed paths; the
            # extra entries (/proc/, df, mount, log files) are presumably what
            # the GUI's status pages read - confirm before trimming the list.
            php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
            php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
                        php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
        </Directory>
    </IfModule>
    <IfModule mod_php5.c>
        <Directory /var/www/ispcp/gui>
            # Same PHP confinement as the mod_php4 section above.
            php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
            php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
                        php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
        </Directory>
    </IfModule>
    
</VirtualHost> 

# 
# Master End 
#