1

Topic: [SOLVED] Incorrect file location of newly generated SSL keys

Thanks ZhangHuangbin for you great work!

I've installed iRedMail 0.7.4 on a fresh centos 6.2 x64.
I've a little question about the generated ssl keys.
After execution of the script, the information is told to change the permissions for files:

# chmod +r /etc/ssl/certs/iRedMail_CA.pem
# chmod +r /etc/ssl/private/iRedMail.key

but the directory /etc/ssl/private/ does not exist on my system.
I have to create it and copy into the generated iRedMail.key?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: [SOLVED] Incorrect file location of newly generated SSL keys

agattei wrote:

Thanks ZhangHuangbin for you great work!

I've installed iRedMail 0.7.4 on a fresh centos 6.2 x64.
I've a little question about the generated ssl keys.
After execution of the script, the information is told to change the permissions for files:

# chmod +r /etc/ssl/certs/iRedMail_CA.pem
# chmod +r /etc/ssl/private/iRedMail.key

but the directory /etc/ssl/private/ does not exist on my system.
I have to create it and copy into the generated iRedMail.key?

Hi, as you can see in the iRedMail.tips the ssl keys files are located in:
/etc/pki/tls/certs/iRedMail_CA.pem
/etc/pki/tls/private/iRedMail.key

Bye

3

Re: [SOLVED] Incorrect file location of newly generated SSL keys

Hi,
sorry if I reopen the post...

bgdev85 wrote:

Hi, as you can see in the iRedMail.tips the ssl keys files are located in:
/etc/pki/tls/certs/iRedMail_CA.pem
/etc/pki/tls/private/iRedMail.key

yes I know, but my question is about the usage info in the script generate_ssl_keys.sh

# USAGE:
# 1) Edit variables which starts with TLS_ below, then save file.
# 2) Execute shell command:
#
#       # bash generate_ssl_keys.sh
#
#    It will create two new files under CURRENT directory:
#
#       - certs/iRedMail_CA.pem: Used to replace file on iRedMail server:
#           + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/certs/iRedMail_CA.pem
#           + on Debian/Ubuntu/openSUSE: /etc/ssl/certs/iRedMail_CA.pem
#           + on FreeBSD: /etc/ssl/certs/iRedMail_CA.pem
#       - private/iRedMail.key: Used to replace file on iRedMail server:
#           + on RHEL/CentOS/Scientific Linux: /etc/pki/tls/private/iRedMail.key
#           + on Debian/Ubuntu/openSUSE: /etc/ssl/private/iRedMail.key
#           + on FreeBSD: /etc/ssl/private/iRedMail.key
#
# 3) Grant read access to all users. e.g. on RHEL/CentOS/Scientific Linux:
#
#   # chmod +r /etc/ssl/certs/iRedMail_CA.pem
#   # chmod +r /etc/ssl/private/iRedMail.key

after I generated the new key, I copied the two files, respectively, in /etc/pki/tls/certs/iRedMail_CA.pem and /etc/pki/tls/private/iRedMail.key and I updated the permissions.
Moving on to step 3 I have found that the /etc/ssl/certs/iRedMail_CA.pem exists but the /etc/ssl/private/iRedMail.key doesn't exist, so my question is about that.
Do I have to make the /etc/ssl/certs directory and after that copy the iRedMail.key and change the permission?
Or it's possible that the example to change permission is about debian distro? so there is a little mistake with "...e.g. on RHEL/CentOS/Scientific Linux:"?
My doubt is because /etc/ssl/certs/iRedMail_CA.pem exist on my CentOS.

Thank You for your patience :-)