Manage SSL Certificate - Copying to Dovecot & Postfix

#1 Fri, 09/07/2012 - 20:32
bill56

Hello:

I need to copy my existing certificate to Dovecot & Postfix. Seems to be pretty straightforward, however here is the problem. In Virtualmin, the Server Configuration -> Manage SSL Certificate shows the location of the certificates as follows:

SSL certificate file: /home/website/ssl.cert
SSL private key file: /home/website/ssl.key
Certificate type: Self-signed

I don't see how to change these locations, and I do not want to use the "copy" function to copy the wrong certs.

The actual certificate files are not Self-Signed, they are from Thawte and are located here:

/etc/httpd/conf/ssl.crt/www.website.com.crt
/etc/httpd/conf/ssl.key/www.website.com.key
/etc/httpd/conf/ssl.crt/cabundle.crt

The correct locations are also shown here: Services -> Configure Website for SSL -> SSL Options - which are the locations listed in /etc/httpd/conf/httpd.conf

How can I correctly install the SSL certs so that they are used by Dovecot & Postfix?

Thanks.

Fri, 09/07/2012 - 22:12
andreychek

Howdy,

Hmm, did you by chance manually add those SSL certs into Apache, rather than using Virtualmin to do so?

It sounds like Virtualmin is a little confused as to which SSL certificates are being used at the moment.

Let us know what steps you used to add your SSL cert into Apache... that'll help us figure out what we'll need to do in order to get Virtualmin to understand which SSL cert your site is using.

-Eric

Sat, 09/08/2012 - 21:59
bill56

Eric:

Yes, you are correct, this was originally done manually. Here is what I did:

  1. openssl genrsa -out www.website.com.key 2048
  2. openssl req -new -key www.website.com.key -out www.website.com.csr
  3. Paste the CSR in the online order form.
  4. Got the CRT file back, put it here /etc/httpd/conf/ssl.crt/www.website.com.crt
  5. Put the KEY file here /etc/httpd/conf/ssl.key/www.website.com.key
  6. Installed intermediate certs in /etc/httpd/conf/ssl.crt/cabundle.crt
  7. These lines are in /etc/httpd/conf/httpd.conf:

SSLEngine On
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.website.com.key
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.website.com.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/cabundle.crt

  8. Restarted with: /sbin/service httpd restart

Thanks for your help. -Bill

Sat, 09/08/2012 - 23:54
andreychek

Aha, I see!

So, that SSL certificate may not be associated with any particular Virtual Server, which may explain why Virtualmin isn't seeing them.

If you'd like to associate them with a Virtual Server -- what you can do is go into Server Configuration -> Manage SSL Certificate, and add your cert/key in the "New Certificate" tab, and your cabundle in the CA Certificate tab.

Virtualmin will then place a copy of your SSL cert into that user's home directory.

Also, when you hit the "Copy To" buttons, it will copy the correct SSL cert out to your other services.
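
A pre-flight check for the situation in this thread, where Virtualmin's per-domain files were self-signed while the CA-issued certificate sat under /etc/httpd/conf. This is an added example, not part of any post and not Virtualmin's own code; the function names are hypothetical and it assumes the OpenSSL command-line tool is installed.

```sh
#!/bin/sh
# Added example: checks on a cert/key pair before and after "Copy To".
# All paths are arguments supplied by the caller.

# Prints "self-signed" when subject and issuer hash the same (heuristic:
# strictly this detects a self-issued certificate), else "ca-issued".
cert_kind() {
    s=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
    i=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
    if [ "$s" = "$i" ]; then echo self-signed; else echo ca-issued; fi
}

# Succeeds only if the private key's public half equals the certificate's.
key_matches_cert() {   # $1 = cert, $2 = key
    c=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    k=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$c" = "$k" ]
}

# Succeeds only if the key file grants nothing to group or other.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# SHA-256 fingerprint of a certificate file.
file_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Fingerprint of the certificate a live service presents (needs network).
# $1 = host:port, $2 = optional STARTTLS protocol (smtp, imap, pop3).
served_fp() {
    openssl s_client -connect "$1" ${2:+-starttls "$2"} </dev/null 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Pre-copy check: prints one verdict line; non-zero exit on any problem.
precheck() {   # $1 = cert, $2 = key
    kind=$(cert_kind "$1") || { echo "unreadable certificate"; return 1; }
    [ "$kind" = ca-issued ] || { echo "certificate is self-signed"; return 1; }
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; return 1; }
    key_is_private "$2" || { echo "key readable by group/other"; return 1; }
    echo "ok $(file_fp "$1")"
}
```

After the copy, comparing `file_fp` of the installed certificate with `served_fp` for the SMTP and IMAP ports confirms that Postfix and Dovecot present the same certificate as Apache.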

Sun, 09/09/2012 - 20:01 (Reply to #4)
bill56

OK, SSL certificate installed correctly per your advice. And, I did the "Copy To" for Dovecot and Postfix.

Working fine now - thanks for your help.

Bill
