Courier Imap-SSL: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
mNo edit summary |
||
| Line 4: | Line 4: | ||
apt-get install courier-imap-ssl | apt-get install courier-imap-ssl | ||
</pre> | </pre> | ||
== Utilizzo del certificato SSL prefornito == | |||
Il certificato SSL di trova in /usr/lib/courier/imapd.pem. | Il certificato SSL di trova in /usr/lib/courier/imapd.pem. | ||
| Line 22: | Line 26: | ||
Occorre cancellarlo per ricrearlo con i paramteri corretti: | Occorre cancellarlo per ricrearlo con i paramteri corretti: | ||
<pre> | <pre> | ||
rm -f /usr/lib/courier/imapd.pem | rm -f /usr/lib/courier/imapd.pem | ||
| Line 34: | Line 37: | ||
/etc/init.d/courier-imap-ssl start | /etc/init.d/courier-imap-ssl start | ||
</pre> | </pre> | ||
== Utilizzo di un certificato SSL firmato da una CA == | |||
* Preparare il certificato | |||
* Esportare il certificato in formato pem ''mail.nome.dom.crt'' | |||
* Esportare la private key '''senza password''' in formato pem: ''mail.nome.dom.pem'' | |||
* Copiarli sulla macchina | |||
* Fare una copia dei certificati originali: | |||
<pre> | |||
cd /etc/courier | |||
cp imapd.pem imapd.pem.ori | |||
cp pop3.pem pop3d.pem.ori | |||
</pre> | |||
* Concatenare i due certificati in un unico file: | |||
cat /tmp/mail.gsspa.net.pem /tmp/mail.gsspa.net.crt > imapd.pem | |||
Si otterà una cosa del genere: | |||
<pre> | |||
# cat imapd.pem | |||
-----BEGIN RSA PRIVATE KEY----- | |||
MIICXAIBAAKBgQCa+MWVxKIl6bJivlDOYDXdGpS6Me1048DS+ONrcklIEuYBQX/g | |||
bN8ng+G2NlnnHSmGfhHGK40mOHTaGN9nVQ0tEcyThrKOSNk1DtHVVpxV2uD8lgEg | |||
pwp//GtM+qb73tvWxYd4aeERJhhT/Pyg79RHVBsDWcJ5kZuy1aph1uGFZwIDAQAB | |||
AoGAdZ6s8EAexWG7F8DUud5B43/CNBOi413dQwLOMQW74u0dDwT0lpRrRqWNEWvt | |||
DkGO+9oBiYQSjFi7L7FDFj1yUn1cc5HE21DvUO3SCU5/kxedIG300ZwH8ejKsiAu | |||
32QQrukNI2UhGv8pIqA/09V5vBS7ryJduJw/V38cgc/HYvkCQQDI2MXHzUb7HK4L | |||
AnqeAbea57aIwu3JxQpTGQpr45ZpHKskwdkPErJ7gYVEF2gTKSbtE9vD/W/ifbGO | |||
h4ccI7stAkEAxYcOHSOZV60w6Rqo3tGLoNkh7Uk8QKvKfCAZ37sDvZqiaL1ygV4S | |||
/Q75Co9tR3bAVR5obXOU7qco3mlyRsqPYwJBAI0l0nDk8ZI+CI4SMuviFw9U8jHQ | |||
k93tjKDzgyBpM+Yw0JGnbYyrPiWP04ET1f9JN2L7RsHI1R1d6i9ZTXlYHw0CQFnr | |||
U0d8jy/UjbFwC3PznEaK0eD9N8qQ6cp7qouozNkhbdGUfG3b73T3vfNKu4qOypt1 | |||
DkDVHvVNb1NgWT9UstUCQBwj1GkXjhZJ1ZF/qzsyww+z1B0+hzM+ZfSDcIZeO3dD | |||
t/Wo1R+MWiTsr3X0wAvq4+R4xjxkojv/yf7Z8wKotFw= | |||
-----END RSA PRIVATE KEY----- | |||
-----BEGIN CERTIFICATE----- | |||
MIID3zCCA0igAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBijEVMBMGA1UEAxMMY2Eu | |||
Z3NzcGEubmV0MQswCQYDVQQGEwJJVDEQMA4GA1UEBxMHU2Fzc2FyaTELMAkGA1UE | |||
CBMCU1MxEjAQBgNVBAoTCUdTIFMucC5BLjELMAkGA1UECxMCQ0ExJDAiBgkqhkiG | |||
9w0BCQEWFWdhbC1hbGVydEBydm1ncm91cC5pdDAeFw0wNTExMjIwMDAwMDBaFw0x | |||
NTEyMzEyMzU5NTlaMIGOMRcwFQYDVQQDEw5tYWlsLmdzc3BhLm5ldDELMAkGA1UE | |||
BhMCSVQxEDAOBgNVBAcTB1Nhc3NhcmkxCzAJBgNVBAgTAlNTMRIwEAYDVQQKEwlH | |||
UyBTLnAuQS4xDTALBgNVBAsTBE1haWwxJDAiBgkqhkiG9w0BCQEWFWdhbC1hbGVy | |||
dEBydm1ncm91cC5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmvjFlcSi | |||
JemyYr5QzmA13RqUujHtdOPA0vjja3JJSBLmAUF/4GzfJ4PhtjZZ5x0phn4RxiuN | |||
Jjh02hjfZ1UNLRHMk4ayjkjZNQ7R1VacVdrg/JYBIKcKf/xrTPqm+97b1sWHeGnh | |||
ESYYU/z8oO/UR1QbA1nCeZGbstWqYdbhhWcCAwEAAaOCAU0wggFJMAwGA1UdEwEB | |||
/wQCMAAwHQYDVR0OBBYEFFPW6j2H0jhujrDG8jA9J2k9NGfbMIG3BgNVHSMEga8w | |||
gayAFGhAoWzdKnYJxTxXKbZqqGNCJR3qoYGQpIGNMIGKMRUwEwYDVQQDEwxjYS5n | |||
c3NwYS5uZXQxCzAJBgNVBAYTAklUMRAwDgYDVQQHEwdTYXNzYXJpMQswCQYDVQQI | |||
EwJTUzESMBAGA1UEChMJR1MgUy5wLkEuMQswCQYDVQQLEwJDQTEkMCIGCSqGSIb3 | |||
DQEJARYVZ2FsLWFsZXJ0QHJ2bWdyb3VwLml0ggEBMAsGA1UdDwQEAwIF4DAgBgNV | |||
HREEGTAXgRVnYWwtYWxlcnRAcnZtZ3JvdXAuaXQwEQYJYIZIAYb4QgEBBAQDAgZA | |||
MB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEEBQAD | |||
gYEAGYiL0b6rZCOn+cGzYx4notvVL70/jFYyHTWBGayw+sDcZMvFTF07/GzypMNb | |||
CtlCIQLjiSNA9WCGPTdK9jbnBqsQP+wP+AWLnpj4iDsc/TVR9zm5bLOUnBoYNAVQ | |||
AeIG30W9O0kQ9pQS6VjNlrSpzapcFgrkhsiIQP5Xb32KsV0= | |||
-----END CERTIFICATE----- | |||
* Riavviare courier-imap-ssl | |||
/etc/init.d/courier-imap-ssl stop; /etc/init.d/courier-imap-ssl start | |||
* Testare</pre> | |||
Revision as of 16:40, 22 November 2005
- Installare il pacchetto:
apt-get install courier-imap-ssl
Utilizzo del certificato SSL prefornito
Il certificato SSL di trova in /usr/lib/courier/imapd.pem.
- Editare i parametri del certificato in /etc/courier/imapd.cnf:
... C=IT ST=MI L=Milano O=Alliance Logistics S.r.l. OU=Courier Imap SSL CN=fire.all-logistics.com emailAddress=all-alert@rvmgroup.it ...
Occorre cancellarlo per ricrearlo con i paramteri corretti:
rm -f /usr/lib/courier/imapd.pem mkimapdcert
- Riavviare Courier-Imap:
/etc/init.d/courier-imap start /etc/init.d/courier-imap-ssl start
Utilizzo di un certificato SSL firmato da una CA
- Preparare il certificato
- Esportare il certificato in formato pem mail.nome.dom.crt
- Esportare la private key senza password in formato pem: mail.nome.dom.pem
- Copiarli sulla macchina
- Fare una copia dei certificati originali:
cd /etc/courier cp imapd.pem imapd.pem.ori cp pop3.pem pop3d.pem.ori
- Concatenare i due certificati in un unico file:
cat /tmp/mail.gsspa.net.pem /tmp/mail.gsspa.net.crt > imapd.pem
Si otterà una cosa del genere:
# cat imapd.pem -----BEGIN RSA PRIVATE KEY----- MIICXAIBAAKBgQCa+MWVxKIl6bJivlDOYDXdGpS6Me1048DS+ONrcklIEuYBQX/g bN8ng+G2NlnnHSmGfhHGK40mOHTaGN9nVQ0tEcyThrKOSNk1DtHVVpxV2uD8lgEg pwp//GtM+qb73tvWxYd4aeERJhhT/Pyg79RHVBsDWcJ5kZuy1aph1uGFZwIDAQAB AoGAdZ6s8EAexWG7F8DUud5B43/CNBOi413dQwLOMQW74u0dDwT0lpRrRqWNEWvt DkGO+9oBiYQSjFi7L7FDFj1yUn1cc5HE21DvUO3SCU5/kxedIG300ZwH8ejKsiAu 32QQrukNI2UhGv8pIqA/09V5vBS7ryJduJw/V38cgc/HYvkCQQDI2MXHzUb7HK4L AnqeAbea57aIwu3JxQpTGQpr45ZpHKskwdkPErJ7gYVEF2gTKSbtE9vD/W/ifbGO h4ccI7stAkEAxYcOHSOZV60w6Rqo3tGLoNkh7Uk8QKvKfCAZ37sDvZqiaL1ygV4S /Q75Co9tR3bAVR5obXOU7qco3mlyRsqPYwJBAI0l0nDk8ZI+CI4SMuviFw9U8jHQ k93tjKDzgyBpM+Yw0JGnbYyrPiWP04ET1f9JN2L7RsHI1R1d6i9ZTXlYHw0CQFnr U0d8jy/UjbFwC3PznEaK0eD9N8qQ6cp7qouozNkhbdGUfG3b73T3vfNKu4qOypt1 DkDVHvVNb1NgWT9UstUCQBwj1GkXjhZJ1ZF/qzsyww+z1B0+hzM+ZfSDcIZeO3dD t/Wo1R+MWiTsr3X0wAvq4+R4xjxkojv/yf7Z8wKotFw= -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- MIID3zCCA0igAwIBAgIBAjANBgkqhkiG9w0BAQQFADCBijEVMBMGA1UEAxMMY2Eu Z3NzcGEubmV0MQswCQYDVQQGEwJJVDEQMA4GA1UEBxMHU2Fzc2FyaTELMAkGA1UE CBMCU1MxEjAQBgNVBAoTCUdTIFMucC5BLjELMAkGA1UECxMCQ0ExJDAiBgkqhkiG 9w0BCQEWFWdhbC1hbGVydEBydm1ncm91cC5pdDAeFw0wNTExMjIwMDAwMDBaFw0x NTEyMzEyMzU5NTlaMIGOMRcwFQYDVQQDEw5tYWlsLmdzc3BhLm5ldDELMAkGA1UE BhMCSVQxEDAOBgNVBAcTB1Nhc3NhcmkxCzAJBgNVBAgTAlNTMRIwEAYDVQQKEwlH UyBTLnAuQS4xDTALBgNVBAsTBE1haWwxJDAiBgkqhkiG9w0BCQEWFWdhbC1hbGVy dEBydm1ncm91cC5pdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmvjFlcSi JemyYr5QzmA13RqUujHtdOPA0vjja3JJSBLmAUF/4GzfJ4PhtjZZ5x0phn4RxiuN Jjh02hjfZ1UNLRHMk4ayjkjZNQ7R1VacVdrg/JYBIKcKf/xrTPqm+97b1sWHeGnh ESYYU/z8oO/UR1QbA1nCeZGbstWqYdbhhWcCAwEAAaOCAU0wggFJMAwGA1UdEwEB /wQCMAAwHQYDVR0OBBYEFFPW6j2H0jhujrDG8jA9J2k9NGfbMIG3BgNVHSMEga8w gayAFGhAoWzdKnYJxTxXKbZqqGNCJR3qoYGQpIGNMIGKMRUwEwYDVQQDEwxjYS5n c3NwYS5uZXQxCzAJBgNVBAYTAklUMRAwDgYDVQQHEwdTYXNzYXJpMQswCQYDVQQI EwJTUzESMBAGA1UEChMJR1MgUy5wLkEuMQswCQYDVQQLEwJDQTEkMCIGCSqGSIb3 DQEJARYVZ2FsLWFsZXJ0QHJ2bWdyb3VwLml0ggEBMAsGA1UdDwQEAwIF4DAgBgNV HREEGTAXgRVnYWwtYWxlcnRAcnZtZ3JvdXAuaXQwEQYJYIZIAYb4QgEBBAQDAgZA MB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwDQYJKoZIhvcNAQEEBQAD gYEAGYiL0b6rZCOn+cGzYx4notvVL70/jFYyHTWBGayw+sDcZMvFTF07/GzypMNb CtlCIQLjiSNA9WCGPTdK9jbnBqsQP+wP+AWLnpj4iDsc/TVR9zm5bLOUnBoYNAVQ AeIG30W9O0kQ9pQS6VjNlrSpzapcFgrkhsiIQP5Xb32KsV0= -----END CERTIFICATE----- * Riavviare courier-imap-ssl /etc/init.d/courier-imap-ssl stop; /etc/init.d/courier-imap-ssl start * Testare