Chapter 24 . Running a Mail Server 633 (Java web server)
   Debconf will ask you whether you want to trust the CA certificates by default. In most cases, you will want to select Yes.

3. If you are going to be using a certificate from a CA that is not already recognized (this is generally only true if you are running your own CA), place the CA public certificate in its own file in /etc/ssl/certs/ and update the certificate database:

    # update-ca-certificates

4. Generate the private key and certificate signing request, as described in Chapter 23. The best location for these files is /etc/ssl/private/. Here's an example:

    # cd /etc/ssl/private
    # umask 0077
    # openssl genrsa -out mail.key 1024
    # openssl req -new -key mail.key -out mail.csr

5. Get your CSR (Certificate Signing Request) signed and place the certificate in /etc/mail/private/mail.crt. Or, to do a self-signed certificate, do the following:

    # openssl req -new -x509 -nodes -sha1 -days 365 -key mail.key -out mail.crt

   Many mail programs will refuse to connect to the server if they do not recognize the certificate. If you are running your own CA, you can overcome this by distributing the CA public key to all clients.

6. Concatenate the private key and certificate into a single file:

    # cd /etc/ssl/private
    # umask 0077
    # cat mail.key mail.crt >> mail.pem

7. Tell Postfix where to find certificates and keys by adding the following lines to the end of /etc/postfix/main.cf:

    smtpd_tls_cert_file = /etc/ssl/private/mail.pem
    smtpd_tls_key_file = $smtpd_tls_cert_file
    smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

8. Configure the Postfix daemons to support SSL/TLS by adding -o smtpd_use_tls=yes to the line in /etc/postfix/master.cf that starts with smtpd. There will also be three commented-out lines at the end of the file that start with tlsmgr, smtps, and 587. Uncomment them and remove the -o smtpd_sasl_auth_enable=yes parameters. When finished, the lines will look something like this:

    smtp      inet  n       -       -       -       -       smtpd -o smtpd_use_tls=yes
    (there will be quite a few lines in between)
    # only used by postfix-tls
    tlsmgr    fifo  -       -       n       300     1       tlsmgr
    smtps     inet  n       -       n       -       -       smtpd -o smtpd_tls_wrappermode=yes
    587       inet  n       -       n       -       -       smtpd -o smtpd_enforce_tls=yes
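
A read-only check of what steps 6 through 8 should leave behind, added here as an example (it is not from the book or from Postfix). It confirms that the combined PEM file holds exactly one private key, which fails if the >> append in step 6 was run twice, that the file has no group or other permission bits, and that the three master.cf entries carry the -o options shown in step 8. The function names get_param, has_opt and check_mail_tls are hypothetical, and the marker strings assume PEM files as written by openssl.

```shell
#!/bin/sh
# Added example (not from the book): audit the files produced by steps 6-8.
# Function names are hypothetical; the two config paths are passed by the caller.

get_param() {   # get_param MAIN_CF NAME -> value of the last "NAME = value" line
    awk -v k="$2" '$0 ~ ("^" k "[ \t]*=") {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v) }
        END { print v }' "$1"
}

has_opt() {     # has_opt MASTER_CF SERVICE OPTION -> 0 if the smtpd entry has "-o OPTION"
    awk -v s="$2" -v o="$3" '
        /^[ \t]*#/ { next }                             # still commented out
        /^[^ \t]/  { cur = ($1 == s && $8 == "smtpd") } # start of a service entry
        cur && index($0, "-o " o) { found = 1 }         # entry line or its continuation
        END { exit !found }' "$1"
}

check_mail_tls() {  # check_mail_tls MAIN_CF MASTER_CF -> status = number of problems
    main=$1; master=$2; bad=0
    cert=$(get_param "$main" smtpd_tls_cert_file)
    key=$(get_param "$main" smtpd_tls_key_file)
    # Step 7 points the key at the combined file through $smtpd_tls_cert_file.
    if [ "$key" = '$smtpd_tls_cert_file' ]; then key=$cert; fi
    if [ ! -f "$cert" ] || [ ! -f "$key" ]; then
        echo "FAIL: certificate or key file not found"; return 1
    fi
    # Step 6 appends with >>, so a second run leaves two keys in mail.pem.
    if [ "$(grep -c 'BEGIN .*PRIVATE KEY' "$key")" -ne 1 ]; then
        echo "FAIL: $key must hold exactly one private key"; bad=$((bad + 1))
    fi
    if [ "$(grep -c 'BEGIN CERTIFICATE' "$cert")" -lt 1 ]; then
        echo "FAIL: $cert holds no certificate"; bad=$((bad + 1))
    fi
    # umask 0077 should have left no group/other permission bits on the key.
    if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; bad=$((bad + 1))
    fi
    for pair in smtp:smtpd_use_tls=yes smtps:smtpd_tls_wrappermode=yes \
                587:smtpd_enforce_tls=yes; do
        has_opt "$master" "${pair%%:*}" "${pair#*:}" || {
            echo "FAIL: master.cf entry ${pair%%:*} lacks -o ${pair#*:}"; bad=$((bad + 1)); }
    done
    return "$bad"
}

if [ "$#" -eq 2 ]; then check_mail_tls "$1" "$2"; fi
```

Run it as root with /etc/postfix/main.cf and /etc/postfix/master.cf as the two arguments; the exit status is the number of failed checks.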