Courier Imap-SSL: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
mNo edit summary |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
==Installazione== | |||
* Installare il pacchetto: | * Installare il pacchetto: | ||
sudo apt-get install courier-imap-ssl | |||
apt-get install courier-imap-ssl | |||
== Utilizzo del certificato SSL autogenerato == | |||
Il certificato SSL di trova in /usr/lib/courier/imapd.pem. | Il certificato SSL di trova in /usr/lib/courier/imapd.pem. | ||
Se lo si vuole rigenerare usando i dati del cliente, editare i parametri del certificato in | |||
sudoedit /etc/courier/imapd.cnf: | |||
<pre> | <pre> | ||
| Line 21: | Line 25: | ||
</pre> | </pre> | ||
Occorre cancellarlo per ricrearlo con i | *Occorre cancellarlo per ricrearlo con i parametri corretti: | ||
<pre> | |||
sudo rm -f /usr/lib/courier/imapd.pem | |||
sudo mkimapdcert | |||
</pre> | |||
* Riavviare Courier-Imap: | |||
sudo /etc/init.d/courier-imap restart | |||
== Utilizzo di un certificato SSL firmato da una propria CA == | |||
* Preparare il certificato | |||
* Esportare il certificato in ''mail.nome.dom.crt'' | |||
* Esportare la private key '''senza password''' in: ''mail.nome.dom.key'' | |||
* Copiarli sulla macchina | |||
* Copiare anche il certificato della CA ''ca.nome.dom.crt'' | |||
* Fare una copia dei certificati originali: | |||
<pre> | <pre> | ||
cd /etc/courier | |||
cp imapd.pem imapd.pem.ori | |||
cp pop3.pem pop3d.pem.ori | |||
</pre> | </pre> | ||
* | * Concatenare i due certificati in un unico file: | ||
cat /tmp/mail.nome.dom.key /tmp/mail.nome.dom.crt > mail.nome.dom.pem | |||
Si otterà una cosa del genere: | |||
<pre> | <pre> | ||
/ | # cat mail.nome.dom.pem | ||
/ | -----BEGIN RSA PRIVATE KEY----- | ||
MIICXAIBAAKBgQCa+MWVxKIl6bJivlDOYDXdGpS6Me1048DS+ONrcklIEuYBQX/g | |||
bN8ng+G2NlnnHSmGfhHGK40mOHTaGN9nVQ0tEcyThrKOSNk1DtHVVpxV2uD8lgEg | |||
pwp//GtM+qb73tvWxYd4aeERJhhT/Pyg79RHVBsDWcJ5kZuy1aph1uGFZwIDAQAB | |||
AoGAdZ6s8EAexWG7F8DUud5B43/CNBOi413dQwLOMQW74u0dDwT0lpRrRqWNEWvt | |||
DkGO+9oBiYQSjFi7L7FDFj1yUn1cc5HE21DvUO3SCU5/kxedIG300ZwH8ejKsiAu | |||
32QQrukNI2UhGv8pIqA/09V5vBS7ryJduJw/V38cgc/HYvkCQQDI2MXHzUb7HK4L | |||
AnqeAbea57aIwu3JxQpTGQpr45ZpHKskwdkPErJ7gYVEF2gTKSbtE9vD/W/ifbGO | |||
h4ccI7stAkEAxYcOHSOZV60w6Rqo3tGLoNkh7Uk8QKvKfCAZ37sDvZqiaL1ygV4S | |||
/Q75Co9tR3bAVR5obXOU7qco3mlyRsqPYwJBAI0l0nDk8ZI+CI4SMuviFw9U8jHQ | |||
k93tjKDzgyBpM+Yw0JGnbYyrPiWP04ET1f9JN2L7RsHI1R1d6i9ZTXlYHw0CQFnr | |||
U0d8jy/UjbFwC3PznEaK0eD9N8qQ6cp7qouozNkhbdGUfG3b73T3vfNKu4qOypt1 | |||
DkDVHvVNb1NgWT9UstUCQBwj1GkXjhZJ1ZF/qzsyww+z1B0+hzM+ZfSDcIZeO3dD | |||
t/Wo1R+MWiTsr3X0wAvq4+R4xjxkojv/yf7Z8wKotFw= | |||
-----END RSA PRIVATE KEY----- | |||
-----BEGIN CERTIFICATE----- | |||
MIID3zCCA0igAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBijEVMBMGA1UEAxMMY2Eu | |||
Z3NzcGEubmV0MQswCQYDVQQGEwJJVDEQMA4GA1UEBxMHU2Fzc2FyaTELMAkGA1UE | |||
CBMCU1MxEjAQBgNVBAoTCUdTIFMucC5BLjELMAkGA1UECxMCQ0ExJDAiBgkqhkiG | |||
9w0BCQEWFWdhbC1hbGVydEBydm1ncm91cC5pdDAeFw0wNTExMjIwMDAwMDBaFw0x | |||
NTEyMzEyMzU5NTlaMIGOMRcwFQYDVQQDEw5tYWlsLmdzc3BhLm5ldDELMAkGA1UE | |||
BhMCSVQxEDAOBgNVBAcTB1Nhc3NhcmkxCzAJBgNVBAgTAlNTMRIwEAYDVQQKEwlH | |||
UyBTLnAuQS4xDTALBgNVBAsTBE1haWwxJDAiBgkqhkiG9w0BCQEWFWdhbC1hbGVy | |||
dEBydm1ncm91cC5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmvjFlcSi | |||
JemyYr5QzmA13RqUujHtdOPA0vjja3JJSBLmAUF/4GzfJ4PhtjZZ5x0phn4RxiuN | |||
Jjh02hjfZ1UNLRHMk4ayjkjZNQ7R1VacVdrg/JYBIKcKf/xrTPqm+97b1sWHeGnh | |||
ESYYU/z8oO/UR1QbA1nCeZGbstWqYdbhhWcCAwEAAaOCAU0wggFJMAwGA1UdEwEB | |||
/wQCMAAwHQYDVR0OBBYEFFPW6j2H0jhujrDG8jA9J2k9NGfbMIG3BgNVHSMEga8w | |||
gayAFGhAoWzdKnYJxTxXKbZqqGNCJR3qoYGQpIGNMIGKMRUwEwYDVQQDEwxjYS5n | |||
c3NwYS5uZXQxCzAJBgNVBAYTAklUMRAwDgYDVQQHEwdTYXNzYXJpMQswCQYDVQQI | |||
EwJTUzESMBAGA1UEChMJR1MgUy5wLkEuMQswCQYDVQQLEwJDQTEkMCIGCSqGSIb3 | |||
DQEJARYVZ2FsLWFsZXJ0QHJ2bWdyb3VwLml0ggEBMAsGA1UdDwQEAwIF4DAgBgNV | |||
HREEGTAXgRVnYWwtYWxlcnRAcnZtZ3JvdXAuaXQwEQYJYIZIAYb4QgEBBAQDAgZA | |||
MB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEEBQAD | |||
gYEAGYiL0b6rZCOn+cGzYx4notvVL70/jFYyHTWBGayw+sDcZMvFTF07/GzypMNb | |||
CtlCIQLjiSNA9WCGPTdK9jbnBqsQP+wP+AWLnpj4iDsc/TVR9zm5bLOUnBoYNAVQ | |||
AeIG30W9O0kQ9pQS6VjNlrSpzapcFgrkhsiIQP5Xb32KsV0= | |||
-----END CERTIFICATE----- | |||
</pre> | </pre> | ||
* Impostare i certificati nella configurazione: | |||
sudoedit /etc/courier/imapd-ssl | |||
... | |||
TLS_CERTFILE=/path/to//mail.nome.dom.pem | |||
... | |||
TLS_TRUSTCERTS=/etc/postfix/ca.nome.dom.crt | |||
... | |||
* Riavviare courier-imap-ssl | |||
sudo invoke-rc.d courier-imap-ssl stop | |||
sudo invoke-rc.d courier-imap-ssl start | |||
* Testare | |||
==Riferimenti== | |||
*[http://www.cyberciti.biz/tips/ssl-certificate-installation-courier-imap-server.html Courier IMAP SSL Server Certificate Installtion and Configuration] | |||
Latest revision as of 22:26, 7 November 2009
Installazione
- Installare il pacchetto:
sudo apt-get install courier-imap-ssl
Utilizzo del certificato SSL autogenerato
Il certificato SSL di trova in /usr/lib/courier/imapd.pem.
Se lo si vuole rigenerare usando i dati del cliente, editare i parametri del certificato in
sudoedit /etc/courier/imapd.cnf:
... C=IT ST=MI L=Milano O=Alliance Logistics S.r.l. OU=Courier Imap SSL CN=fire.all-logistics.com emailAddress=all-alert@rvmgroup.it ...
- Occorre cancellarlo per ricrearlo con i parametri corretti:
sudo rm -f /usr/lib/courier/imapd.pem sudo mkimapdcert
- Riavviare Courier-Imap:
sudo /etc/init.d/courier-imap restart
Utilizzo di un certificato SSL firmato da una propria CA
- Preparare il certificato
- Esportare il certificato in mail.nome.dom.crt
- Esportare la private key senza password in: mail.nome.dom.key
- Copiarli sulla macchina
- Copiare anche il certificato della CA ca.nome.dom.crt
- Fare una copia dei certificati originali:
cd /etc/courier cp imapd.pem imapd.pem.ori cp pop3.pem pop3d.pem.ori
- Concatenare i due certificati in un unico file:
cat /tmp/mail.nome.dom.key /tmp/mail.nome.dom.crt > mail.nome.dom.pem
Si otterà una cosa del genere:
# cat mail.nome.dom.pem -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCa+MWVxKIl6bJivlDOYDXdGpS6Me1048DS+ONrcklIEuYBQX/g bN8ng+G2NlnnHSmGfhHGK40mOHTaGN9nVQ0tEcyThrKOSNk1DtHVVpxV2uD8lgEg pwp//GtM+qb73tvWxYd4aeERJhhT/Pyg79RHVBsDWcJ5kZuy1aph1uGFZwIDAQAB AoGAdZ6s8EAexWG7F8DUud5B43/CNBOi413dQwLOMQW74u0dDwT0lpRrRqWNEWvt DkGO+9oBiYQSjFi7L7FDFj1yUn1cc5HE21DvUO3SCU5/kxedIG300ZwH8ejKsiAu 32QQrukNI2UhGv8pIqA/09V5vBS7ryJduJw/V38cgc/HYvkCQQDI2MXHzUb7HK4L AnqeAbea57aIwu3JxQpTGQpr45ZpHKskwdkPErJ7gYVEF2gTKSbtE9vD/W/ifbGO h4ccI7stAkEAxYcOHSOZV60w6Rqo3tGLoNkh7Uk8QKvKfCAZ37sDvZqiaL1ygV4S /Q75Co9tR3bAVR5obXOU7qco3mlyRsqPYwJBAI0l0nDk8ZI+CI4SMuviFw9U8jHQ k93tjKDzgyBpM+Yw0JGnbYyrPiWP04ET1f9JN2L7RsHI1R1d6i9ZTXlYHw0CQFnr U0d8jy/UjbFwC3PznEaK0eD9N8qQ6cp7qouozNkhbdGUfG3b73T3vfNKu4qOypt1 DkDVHvVNb1NgWT9UstUCQBwj1GkXjhZJ1ZF/qzsyww+z1B0+hzM+ZfSDcIZeO3dD t/Wo1R+MWiTsr3X0wAvq4+R4xjxkojv/yf7Z8wKotFw= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID3zCCA0igAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBijEVMBMGA1UEAxMMY2Eu Z3NzcGEubmV0MQswCQYDVQQGEwJJVDEQMA4GA1UEBxMHU2Fzc2FyaTELMAkGA1UE CBMCU1MxEjAQBgNVBAoTCUdTIFMucC5BLjELMAkGA1UECxMCQ0ExJDAiBgkqhkiG 9w0BCQEWFWdhbC1hbGVydEBydm1ncm91cC5pdDAeFw0wNTExMjIwMDAwMDBaFw0x NTEyMzEyMzU5NTlaMIGOMRcwFQYDVQQDEw5tYWlsLmdzc3BhLm5ldDELMAkGA1UE BhMCSVQxEDAOBgNVBAcTB1Nhc3NhcmkxCzAJBgNVBAgTAlNTMRIwEAYDVQQKEwlH UyBTLnAuQS4xDTALBgNVBAsTBE1haWwxJDAiBgkqhkiG9w0BCQEWFWdhbC1hbGVy dEBydm1ncm91cC5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmvjFlcSi JemyYr5QzmA13RqUujHtdOPA0vjja3JJSBLmAUF/4GzfJ4PhtjZZ5x0phn4RxiuN Jjh02hjfZ1UNLRHMk4ayjkjZNQ7R1VacVdrg/JYBIKcKf/xrTPqm+97b1sWHeGnh ESYYU/z8oO/UR1QbA1nCeZGbstWqYdbhhWcCAwEAAaOCAU0wggFJMAwGA1UdEwEB /wQCMAAwHQYDVR0OBBYEFFPW6j2H0jhujrDG8jA9J2k9NGfbMIG3BgNVHSMEga8w gayAFGhAoWzdKnYJxTxXKbZqqGNCJR3qoYGQpIGNMIGKMRUwEwYDVQQDEwxjYS5n c3NwYS5uZXQxCzAJBgNVBAYTAklUMRAwDgYDVQQHEwdTYXNzYXJpMQswCQYDVQQI EwJTUzESMBAGA1UEChMJR1MgUy5wLkEuMQswCQYDVQQLEwJDQTEkMCIGCSqGSIb3 DQEJARYVZ2FsLWFsZXJ0QHJ2bWdyb3VwLml0ggEBMAsGA1UdDwQEAwIF4DAgBgNV HREEGTAXgRVnYWwtYWxlcnRAcnZtZ3JvdXAuaXQwEQYJYIZIAYb4QgEBBAQDAgZA MB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEEBQAD gYEAGYiL0b6rZCOn+cGzYx4notvVL70/jFYyHTWBGayw+sDcZMvFTF07/GzypMNb CtlCIQLjiSNA9WCGPTdK9jbnBqsQP+wP+AWLnpj4iDsc/TVR9zm5bLOUnBoYNAVQ AeIG30W9O0kQ9pQS6VjNlrSpzapcFgrkhsiIQP5Xb32KsV0= -----END CERTIFICATE-----
- Impostare i certificati nella configurazione:
sudoedit /etc/courier/imapd-ssl
... TLS_CERTFILE=/path/to//mail.nome.dom.pem ... TLS_TRUSTCERTS=/etc/postfix/ca.nome.dom.crt ...
- Riavviare courier-imap-ssl
sudo invoke-rc.d courier-imap-ssl stop sudo invoke-rc.d courier-imap-ssl start
- Testare