OPS335 Lab 8 2018

1 byte removed, 01:55, 2 January 2020
Online Submission (Peter Callaghan's Classes only)
==OBJECTIVE & PREPARATION==
{{Admon/important|Prerequisites|This lab depends on changes made in several previous labs. You must have successfully completed labs 3, 4a, 4b, and 5 6 in order to be able to do this lab.}}
Below is the same diagram that we referred to over the previous 2 email labs:
* [https://www.e-rave.nl/create-a-self-signed-ssl-key-for-postfix Create a self signed SSL key for Postfix]
* [http://wiki2.dovecot.org/SSL/DovecotConfiguration Dovecot SSL configuration]
 
== INVESTIGATION 1: GENERATING A SELF-SIGNED CERTIFICATE ==
#Let's start with the "sending" SMTP server we have on VM2. Run the following, replacing <u>andrewsmith.ops</u> with '''<u>your</u> domain name''':
<source lang="bash">mkdir -p /root/postfix-keys /etc/ssl/{private,certs}
cd /root/postfix-keys
openssl genrsa -des3 -out vm2.andrewsmith.ops.key 2048
</source>
# Let's start by generating a new certificate for Dovecot on your vm3 machine by issuing the following commands:
<source lang="bash">mkdir /etc/ssl/{private,certs}
openssl genrsa -des3 -out vm3.andrewsmith.ops.key 2048
chmod 600 vm3.andrewsmith.ops.key
</source>
<ol><li value="2">Next, we need to configure Dovecot to use this certificate for encrypted connections and to refuse any kind of plain text connection. Edit the '''10-auth.conf''' <u>and</u> '''10-ssl.conf''' files and change the following settings (note: these parameters already exist in those files, just find them and set them to the correct value):</li></ol>
<source lang="bash">ssl = required
ssl_cert = <path_to_your_crt_file>
ssl_key = <path_to_your_key_file>
disable_plaintext_auth = yes
</source>
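The following script is an added example, not part of the original lab or of Dovecot itself: it reads the two config files and reports whether the settings above are actually in effect and whether the key file is still restricted to its owner. The function names are hypothetical, and it assumes flat <code>name = value</code> lines where the last uncommented assignment wins.

```bash
#!/bin/sh
# Added example: audit Dovecot config files for the settings this lab requires.
# Simplification (assumption): flat "name = value" lines only; the last
# uncommented assignment wins; nested { } sections are not interpreted.

# dovecot_setting NAME FILE... -> prints the effective value of NAME
dovecot_setting() {
    name=$1; shift
    awk -v key="$name" '
        /^[ \t]*#/ { next }                      # whole-line comment
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # trailing comment
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                # later assignment overrides
        }
        END { print val }' "$@"
}

# check_dovecot_tls FILE... -> prints FAIL lines, returns 1 if any check fails
check_dovecot_tls() {
    rc=0
    ssl=$(dovecot_setting ssl "$@")
    plain=$(dovecot_setting disable_plaintext_auth "$@")
    cert=$(dovecot_setting ssl_cert "$@")
    key=$(dovecot_setting ssl_key "$@")
    [ "$ssl" = required ] || { echo "FAIL: ssl = '$ssl' (want required)"; rc=1; }
    [ "$plain" = yes ] || { echo "FAIL: disable_plaintext_auth = '$plain' (want yes)"; rc=1; }
    [ -n "$cert" ] || { echo "FAIL: ssl_cert is not set"; rc=1; }
    key=${key#\<}          # Dovecot: a leading "<" means "read from this file"
    if [ ! -f "$key" ]; then
        echo "FAIL: ssl_key file '$key' not found"; rc=1
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (lab uses chmod 600)"; rc=1
    fi
    return $rc
}

# Run against real files when called with arguments, e.g. (typical location):
#   sh check.sh /etc/dovecot/conf.d/10-auth.conf /etc/dovecot/conf.d/10-ssl.conf
[ "$#" -eq 0 ] || check_dovecot_tls "$@"
```

A commented-out <code>#ssl = required</code> line is ignored, so a file that merely contains the right text but leaves an active <code>ssl = yes</code> is still reported as a failure.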
Now that the webmail application is using an encrypted connection when communicating with the email servers, it is time to encrypt the client's connection to the web server.
# First you need to generate a new certificate for Apache on your vm1 machine by issuing the following commands:
<source lang="bash">mkdir /etc/ssl/{private,certs}
openssl genrsa -des3 -out vm1.andrewsmith.ops.key 2048
chmod 600 vm1.andrewsmith.ops.key
</source>
#Add the following parameters to the Apache configuration file:
<source lang="bash">
SSLEngine on
SSLCertificateFile "<absolute path to the .crt file>"
</source>
#Open a web browser on your host and try to connect to https://vm1.<yourdomain>.ops/webmail
::You should get a security exception similar to the ones you saw with the email, and for the same reason (the site you are trying to contact has a self-signed certificate). Add the exception and log in to access your email.
::Send an email to ensure everything is functioning properly.
{{Admon/important |Backup your VMs!|You MUST perform a '''full backup''' of ALL of your VMs whenever you complete your '''OPS335 labs''' or when working on your '''OPS335 assignments'''. You should be using the dump command, and you should use the Bash shell script that you were advised to create in order to back up all of your VMs.}}
'''Depending on your professor you will either be asked to submit the lab in class, or online. Follow the appropriate set of instructions below.'''
===Online Submission (Peter CallaghanAhad Mammadov's Classes only)===
Follow the instructions for lab 8 on blackboard.