1

Topic: SSL

Greetings,

I made a mistake during the setup process; the SSL certificate for Postfix is wrong (wrong domain name) and I would like to generate a new one. Does anyone know how to generate and install a new SSL certificate?

Regards


2

Re: SSL

Please read iRedMail-x.y.z/functions/packages.sh:

gen_pem_key()
{
    # Create necessary directories.
    [ -d ${SSL_FILE_DIR} ] || mkdir -p ${SSL_FILE_DIR}

    openssl req \
        -x509 -nodes -days 3650 -newkey rsa:1024 \
        -subj "/C=${TLS_COUNTRY}/ST=${TLS_STATE}/L=${TLS_CITY}/O=${TLS_COMPANY}/OU=${TLS_DEPARTMENT}/CN=${TLS_HOSTNAME}/emailAddress=${TLS_ADMIN}/" \
        -out ${SSL_CERT_FILE} -keyout ${SSL_KEY_FILE} >/dev/null 2>&1

    # Set correct file permission.
    chmod 0444 ${SSL_CERT_FILE}
    chmod 0400 ${SSL_KEY_FILE}
}

All variables are defined in iRedMail-x.y.z/conf/global.

Good luck.
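An added example, not part of the original post and not iRedMail's own code: it regenerates a self-signed certificate for the corrected hostname the way the quoted function does, then checks the subject CN, the key/certificate pairing and the file modes before any service is pointed at the files. The function names and the cert.pem/key.pem file names are hypothetical, and it uses rsa:2048 instead of the quoted rsa:1024 because 1024-bit RSA is no longer considered adequate.

```shell
#!/bin/sh
# Added example, not iRedMail code. File names cert.pem/key.pem are hypothetical.

# regen_cert HOST DIR: self-signed certificate whose CN is HOST, written into DIR.
regen_cert() {
    host="$1"; dir="$2"
    [ -n "$host" ] && [ -n "$dir" ] || { echo "usage: regen_cert HOST DIR" >&2; return 2; }
    mkdir -p "$dir" || return 1
    # umask 077 keeps the private key unreadable by others from the moment
    # it is created. rsa:2048 is this example's choice, not the project's.
    ( umask 077
      openssl req -x509 -nodes -days 3650 -newkey rsa:2048 \
          -subj "/CN=${host}/" \
          -out "$dir/cert.pem.new" -keyout "$dir/key.pem.new" >/dev/null 2>&1
    ) || { rm -f "$dir/cert.pem.new" "$dir/key.pem.new"; return 1; }
    chmod 0444 "$dir/cert.pem.new" && chmod 0400 "$dir/key.pem.new" || return 1
    # Rename into place so an existing read-only pair is replaced cleanly.
    mv -f "$dir/key.pem.new" "$dir/key.pem" && mv -f "$dir/cert.pem.new" "$dir/cert.pem"
}

# cert_cn CERT: print the subject CN, i.e. the name clients will compare
# against the server hostname.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# key_matches_cert CERT KEY: succeed only if both carry the same public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# mode_of FILE: print the permission string, e.g. -r--------
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Usage (constructed hostname and directory):
#   regen_cert mail.example.com /tmp/newcert
#   cert_cn /tmp/newcert/cert.pem
#   key_matches_cert /tmp/newcert/cert.pem /tmp/newcert/key.pem && echo pair-ok
```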

3

Re: SSL

It worked :)

Thank you for your time!!

4

Re: SSL

simonbouchard wrote:

It worked :)

Thank you for your time!!

Forgot to mention file permission: iRedMail shares this SSL key by default, but file permission is 044, other programs can't read it. You must set advanced file system control.

Try this command:

$ cd /path/to/iRedMail-x.y.z/
$ grep -r 'setfacl' *

5

Re: SSL

ZhangHuangbin wrote:
simonbouchard wrote:

It worked :)

Thank you for your time!!

Forgot to mention file permission: iRedMail shares this SSL key by default, but file permission is 044, other programs can't read it. You must set advanced file system control.

Try this command:

$ cd /path/to/iRedMail-x.y.z/
$ grep -r 'setfacl' *

I got the following error message:

root@mx01 [~/iRedMail-0.4.0]# setfacl -m u:ldap:r-- /etc/pki/iRedMail/SSL_Key.pem
setfacl: Option -m: Invalid argument near character 3

6

Re: SSL

simonbouchard wrote:

I got the following error message:

root@mx01 [~/iRedMail-0.4.0]# setfacl -m u:ldap:r-- /etc/pki/iRedMail/SSL_Key.pem
setfacl: Option -m: Invalid argument near character 3

It works for me here. No idea why it happened. :(