#Let's start with the "sending" SMTP server we have on VM2. Run the following, replacing <u>andrewsmith.ops</u> with '''<u>your</u> domain name''':
<source lang="bash">mkdir -p /root/postfix-keys /etc/ssl/{private,certs}
cd /root/postfix-keys
openssl genrsa -des3 -out vm2.andrewsmith.ops.key 2048
</source>
# Let's start by generating a new certificate for Dovecot on your vm3 machine by issuing the following commands:
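<source lang="bash">mkdir -p /etc/ssl/{private,certs}   # -p: do not fail if the directories already exist
openssl genrsa -des3 -out vm3.andrewsmith.ops.key 2048
# Make the private key readable and writable by its owner only
chmod 600 vm3.andrewsmith.ops.key
</source>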
<ol><li value="2">Next, we need to configure Dovecot to use this for encrypted connections and to reject any kind of plain-text connection. Edit the '''10-auth.conf''' <u>and</u> '''10-ssl.conf''' files and change the following settings (note: these parameters already exist in those files; just find them and set them to the correct values):</li></ol>
<source lang="bash">ssl = required
ssl_cert = <path_to_your_crt_file>
ssl_key = <path_to_your_key_file>
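The following check is an added example, not part of the original lab: it audits a Dovecot configuration file for the three settings above before the service is restarted. The function names <code>conf_value</code> and <code>audit_dovecot_ssl</code> are hypothetical, and the sample input is constructed.

```bash
# Added example (not from the original page): audit the Dovecot TLS settings above.

# Print the value of the last uncommented "KEY = VALUE" line in FILE.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*$//'
}

# Return 0 only if FILE enforces TLS and points at usable cert/key files.
audit_dovecot_ssl() {
    local conf=$1 rc=0 ssl name val path perms
    ssl=$(conf_value ssl "$conf")
    [ "$ssl" = "required" ] || { echo "FAIL ssl = ${ssl:-unset} (want required)"; rc=1; }
    for name in ssl_cert ssl_key; do
        val=$(conf_value "$name" "$conf")
        case $val in
            '<'*) path=${val#\<} ;;   # Dovecot: "<file" means read the value from file
            *) echo "FAIL $name: value must be written as </path/to/file"; rc=1; continue ;;
        esac
        if [ ! -r "$path" ]; then
            echo "FAIL $name: '$path' missing or unreadable"; rc=1
        elif [ "$name" = ssl_key ]; then
            # Characters 5-10 of the mode string are the group and other bits.
            perms=$(ls -ld "$path" | cut -c5-10)
            [ "$perms" = "------" ] || { echo "FAIL ssl_key: '$path' is accessible to group/other"; rc=1; }
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK $conf"
    return "$rc"
}

# Constructed sample: the settings exactly as printed above, placeholders unreplaced.
sample=$(mktemp)
printf '%s\n' 'ssl = required' 'ssl_cert = <path_to_your_crt_file>' \
    'ssl_key = <path_to_your_key_file>' > "$sample"
audit_dovecot_ssl "$sample" || echo "sample config rejected, as expected"
rm -f "$sample"
```

To check a real server, source the functions and pass the path of your '''10-ssl.conf''' to <code>audit_dovecot_ssl</code>.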
Now that the webmail application is using an encrypted connection when communicating with the email servers, it is time to encrypt the client's connection to the web server.
# First, you need to generate a new certificate for Apache on your vm1 machine by issuing the following commands:
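<source lang="bash">mkdir -p /etc/ssl/{private,certs}   # -p: do not fail if the directories already exist
openssl genrsa -des3 -out vm1.andrewsmith.ops.key 2048
# Make the private key readable and writable by its owner only
chmod 600 vm1.andrewsmith.ops.key
</source>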
#Add the following parameters to the Apache configuration file:
<source lang="bash">
SSLEngine on
SSLCertificateFile "<absolute path to the .crt file>"