Difference between revisions of "Install Certificate in CanIt"

From Roaring Penguin
(Created page with "Here's my recommended "best practices" solution to this: ##Part 1: Install the server's certificate using the Setup : HTTPS function.## This function asks you for the cert and i…")

Revision as of 09:23, 17 June 2015

Here's my recommended "best practices" solution to this:

--Part 1: Install the server's certificate using the Setup : HTTPS function.--

This function asks you for the cert and its key. It will update files in /etc/ssl/ and it will get HTTPS working for your web interface.

This isn't what you asked for, but later we'll make Sendmail use the same cert/key for TLS. A big bonus of doing it this way is that when the time comes to update the cert/key, you can easily use Setup : HTTPS again and the updates will be used by both Apache and Sendmail. Future key updates are a snap.


--Part 2: Making Sendmail behave--

Part 1 will create / update /etc/ssl/private/canit-appliance.key and /etc/ssl/certs/canit-appliance.crt.

We'll leave Sendmail's config file alone; instead we'll just create symlinks in /etc/mail/tls/ to the appropriate files.

These commands will do the business:

  mv /etc/mail/tls/sendmail-client.crt /etc/mail/tls/sendmail-client.crt.orig
  mv /etc/mail/tls/sendmail-server.crt /etc/mail/tls/sendmail-server.crt.orig
  mv /etc/mail/tls/sendmail-common.key /etc/mail/tls/sendmail-common.key.orig
  ln -s /etc/ssl/certs/canit-appliance.crt /etc/mail/tls/sendmail-client.crt
  ln -s /etc/ssl/certs/canit-appliance.crt /etc/mail/tls/sendmail-server.crt
  ln -s /etc/ssl/private/canit-appliance.key /etc/mail/tls/sendmail-common.key

Then restart Sendmail:

  /etc/init.d/sendmail restart
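
To confirm the result after the restart, the following check script can be used. It is an added example, not part of the original page or of CanIt: it verifies that the three symlinks resolve to the appliance cert and key, that the key is not readable by group or other, and that the cert and key belong together. The function names and the `check` argument are hypothetical, and it assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: post-change check for the symlinks created above.
# Paths are the ones on this page; function names are hypothetical.

TLS_DIR=${TLS_DIR:-/etc/mail/tls}
CERT=${CERT:-/etc/ssl/certs/canit-appliance.crt}
KEY=${KEY:-/etc/ssl/private/canit-appliance.key}

# True if $1 is a symlink that resolves to the same file as $2.
check_link() {
    [ -L "$1" ] && [ "$(readlink -f "$1")" = "$(readlink -f "$2")" ]
}

# True if the file behind $1 exists and has no group/other permission bits.
key_mode_ok() {
    [ -e "$1" ] || return 1
    # ls -L follows the symlink; columns 5-10 are the group and other bits.
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# True if certificate $1 and private key $2 carry the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, report each failure, return non-zero if any failed.
verify_sendmail_tls() {
    rc=0
    for name in sendmail-client.crt sendmail-server.crt; do
        check_link "$TLS_DIR/$name" "$CERT" || { echo "BAD link: $name"; rc=1; }
    done
    key_link="$TLS_DIR/sendmail-common.key"
    check_link "$key_link" "$KEY" || { echo "BAD link: sendmail-common.key"; rc=1; }
    key_mode_ok "$key_link" || { echo "BAD mode: key readable by group/other"; rc=1; }
    pair_matches "$TLS_DIR/sendmail-server.crt" "$key_link" \
        || { echo "BAD pair: cert and key do not match"; rc=1; }
    # Show the expiry date so the next Setup : HTTPS renewal can be planned.
    openssl x509 -noout -enddate -in "$TLS_DIR/sendmail-server.crt" 2>/dev/null
    return $rc
}

# Run the checks only when invoked with the (hypothetical) argument "check".
if [ "${1:-}" = "check" ]; then verify_sendmail_tls; fi
```

Run it as root, since /etc/ssl/private/ is normally not readable by other users.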