[root@fedora ~]# cd /etc/pki/tls/certs
[root@mail certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
………………………………………………++++++
………….++++++
e is 63295 (0x10001)
Enter pass phrase:
Verifying – Enter pass phrase:
[root@fedora certs]#
[root@fedora certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
[root@fedora certs]#
[root@fedora certs]# make server.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]: //masukan id negara
State or Province Name (full name) [Berkshire]: //masukan propoinsi
Locality Name (eg, city) [Newbury]: //masukan kota
Organization Name (eg, company) [My Company Ltd]:Server Linux
Organizational Unit Name (eg, section) []: IT Solution
Common Name (eg, your server’s hostname) []: mail.fedora.net.id
Email Address []: root@fedora.net.id
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@fedora certs]#
[root@fedora certs]#
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
// create certificate file that is valid for 10 years
Signature ok
subject=/C=JP/ST=Hiroshima/L=Hiroshima/O=Server Linux/OU=IT Solution/CN=mail.server-linux.info/emailAddress=root@server-linux.info Getting Private key
[root@fedora certs]#chmod 400 server.*
[root@fedora certs]#
[root@fedora certs]#vi /etc/postfix/main.cf
smtpd_use_tls = yes // add them at the bottom
smtpd_tls_cert_file = /etc/pki/tls/certs/server.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_session_cache_database = btree:/etc/postfix/smtpd_scache
[root@fedora certs]#vi /etc/postfix/master.cf // line 14-16: make valid
smtps inet n – n – – smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
[root@fedora certs]# vi /etc/dovecot.conf
ssl_disable = no // line 85: make valid
ssl_cert_file = /etc/pki/tls/certs/server.crt // line 91: specify cert file
ssl_key_file = /etc/pki/tls/certs/server.key // line 92: specify key file
[root@fedora certs]# /etc/rc.d/init.d/postfix restart
Shutting down postfix: [ OK ]
Starting postfix: [ OK ]
[root@fedora certs]# /etc/rc.d/init.d/dovecot restart
Stopping Dovecot Imap: [ OK ]
Starting Dovecot Imap: [ OK ]
Periyadi's Blog 