In these pages there are several howtos about creating and installing SSL certificates. Although most of them are correct, they generate too many certificates and lack a common directory in which to store the certs.
You can go to this page on the forum for more information or discussion about this page. http://www.isp-control.net/forum/thread-6327.html
This is just another procedure. Partially based on this
apt-get install openssl
This is the fastest way to generate certificates. You get two different keys: a password-protected one and a passwordless one.

    SERVER_NAME=your_host_name
    cd /etc/ssl/certs
    echo "$SERVER_NAME"
    # Password-protected private key (prompts for a passphrase)
    openssl genrsa -des3 -out "$SERVER_NAME-pass.key" 2048
    # Certificate signing request
    openssl req -new -key "$SERVER_NAME-pass.key" -out "$SERVER_NAME.csr"
    # Passwordless copy of the key, so services can start unattended
    openssl rsa -in "$SERVER_NAME-pass.key" -out "$SERVER_NAME.key"
    # Self-signed certificate, valid for 365 days
    openssl x509 -req -days 365 -in "$SERVER_NAME.csr" -signkey "$SERVER_NAME.key" -out "$SERVER_NAME.crt"
    chmod 444 *.crt
    chmod 400 *.key
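Before pointing the services below at the new files, it helps to confirm that the certificate and the passwordless key belong together, that the key is readable by its owner only, and that the certificate is not about to expire. The following shell functions are an added example, not part of the original howto; the names check_cert_pair and demo and the host name mail.example.test are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not part of the original howto.
# check_cert_pair CRT KEY [MIN_DAYS]
#   returns 0 = ok, 1 = key does not match certificate (or is unreadable/encrypted),
#           2 = key readable by group/others, 3 = certificate expires within MIN_DAYS
check_cert_pair() {
    crt=$1 key=$2 min_days=${3:-30}

    # Certificate and key must carry the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    # "-passin pass:" makes a passphrase-protected key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 1
    [ "$crt_pub" = "$key_pub" ] || return 1

    # The passwordless key must be owner-only (GNU stat, as shipped on Debian).
    case $(stat -c '%a' "$key") in
        ?00) ;;
        *) return 2 ;;
    esac

    # -checkend exits non-zero if the certificate expires within the given seconds.
    openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null || return 3
    return 0
}

# Constructed demo: throwaway self-signed pair for a made-up host name.
demo() {
    dir=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=mail.example.test" \
        -keyout "$dir/demo.key" -out "$dir/demo.crt" 2>/dev/null || return 1
    chmod 400 "$dir/demo.key"
    rc=0
    check_cert_pair "$dir/demo.crt" "$dir/demo.key" || rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "demo pair passes all checks"
```

On a real host, call check_cert_pair with /etc/ssl/certs/$SERVER_NAME.crt and /etc/ssl/certs/$SERVER_NAME.key after the chmod step.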
Change these lines in dovecot.conf:

    # Replace $SERVER_NAME with your real server name
    protocols = imap pop3 imaps pop3s
    ssl_disable = no
    #Certificate
    ssl_cert_file = /etc/ssl/certs/$SERVER_NAME.crt
    #Keys
    ssl_key_file = /etc/ssl/certs/$SERVER_NAME.key
Add these lines to /etc/postfix/main.cf:

    # TLS parameters; activate, if available/used
    # Replace $SERVER_NAME with your real server name
    smtpd_use_tls = yes
    smtpd_tls_loglevel = 2
    smtpd_tls_cert_file = /etc/ssl/certs/$SERVER_NAME.crt
    smtpd_tls_key_file = /etc/ssl/certs/$SERVER_NAME.key
    #smtpd_tls_auth_only = no
    smtpd_tls_received_header = yes
: Add config details for courier
: Add config details for vsftpd
Your best bet for this is to follow the guide here: http://www.isp-control.net/documentation/doku.php?id=howto:defaultport The advantages of that solution are that port 443 of your hosting remains available for customer usage (look at http://www.isp-control.net/documentation/howto/both_https_and_not_https_when_creating_a_domain) and that you have a generic address to give to the customers (e.g. go to https://yourdomain.com:8443).
#Old version
Enable ssl module for apache
    a2enmod ssl
    # add "Listen 443" to /etc/apache2/ports.conf
    /etc/init.d/apache2 reload

Add these lines to /etc/apache/sites_available/00_master.conf and change the port from 80 to 443. Remember to change $SERVER_NAME into your real server name.

    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/$SERVER_NAME.crt
    SSLCertificateKeyFile /etc/ssl/certs/$SERVER_NAME.key
    ServerName $SERVER_NAME
    ServerAlias admin.$SERVER_NAME
    ServerAdmin admin@grn.es
/etc/init.d/apache2 reload
    #
    # Master Begin
    #
    <VirtualHost XXX.XXX.XXX.XXX:80>
        ServerAdmin admin@yourdomain.com
        DocumentRoot /var/www/ispcp/gui
        ServerName admin.yourdomain.com

        RewriteEngine On
        RewriteCond %{SERVER_PORT} 80
        RewriteRule ^(.*)$ https://www.yourdomain.com$1 [R,L]

        ErrorLog /var/log/apache2/users/admin.yourdomain.com-error.log
        TransferLog /var/log/apache2/users/admin.yourdomain.com-access.log
        CustomLog /var/log/apache2/admin.yourdomain.com-traf.log traff
        CustomLog /var/log/apache2/admin.yourdomain.com-combined.log combined
    </VirtualHost>

    NameVirtualHost XXX.XXX.XXX.XXX:443

    <VirtualHost XXX.XXX.XXX.XXX:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/yourdomain.com.crt
        SSLCertificateKeyFile /etc/ssl/certs/yourdomain.com.key

        ServerAdmin admin@yourdomain.com
        DocumentRoot /var/www/ispcp/gui
        ServerName admin.yourdomain.com

        ErrorLog /var/log/apache2/users/admin.yourdomain.com-error.log
        TransferLog /var/log/apache2/users/admin.yourdomain.com-access.log
        CustomLog /var/log/apache2/admin.yourdomain.com-traf.log traff
        CustomLog /var/log/apache2/admin.yourdomain.com-combined.log combined

        Alias /errors /var/www/ispcp/gui/errordocs/
        ErrorDocument 401 /errors/401.html
        ErrorDocument 403 /errors/403.html
        ErrorDocument 404 /errors/404.html
        ErrorDocument 500 /errors/500.html
        ErrorDocument 503 /errors/503.html

        Alias /pma /var/www/ispcp/gui/tools/pma/
        Alias /webmail /var/www/ispcp/gui/tools/webmail/
        Alias /ftp /var/www/ispcp/gui/tools/filemanager/

        <IfModule suexec_module>
            SuexecUserGroup vu2000 vu2000
        </IfModule>

        <Directory /var/www/ispcp/gui>
            Options -Indexes Includes FollowSymLinks MultiViews
            AllowOverride None
            Order allow,deny
            Allow from all
        </Directory>

        <IfModule mod_fastcgi.c>
            ScriptAlias /php4/ /var/www/fcgi/master/
            ScriptAlias /php5/ /var/www/fcgi/master/
            <Directory "/var/www/fcgi/master">
                AllowOverride None
                Options +ExecCGI MultiViews -Indexes
                Order allow,deny
                Allow from all
            </Directory>
        </IfModule>

        <IfModule mod_php4.c>
            <Directory /var/www/ispcp/gui>
                php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
                php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
                php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
            </Directory>
        </IfModule>

        <IfModule mod_php5.c>
            <Directory /var/www/ispcp/gui>
                php_admin_value open_basedir "/var/www/ispcp/gui/:/etc/ispcp/:/var/run/ispcp.lock:/proc/:/bin/df:/bin/mount:/var/log/rkhunter.log:/var/log/chkrootkit.log:/usr/share/php/"
                php_admin_value session.save_path "/var/www/ispcp/gui/phptmp/"
                php_admin_value upload_tmp_dir "/var/www/ispcp/gui/phptmp/"
            </Directory>
        </IfModule>
    </VirtualHost>
    #
    # Master End
    #