Install Certificate in CanIt

From Roaring Penguin
Revision as of 10:25, 17 June 2015 by MCoyne (talk | contribs)

Jump to: navigation, search

Here's my recommended "best practices" solution to this:

Part 1: Install the server's certificate using the Setup : HTTPS function

This function asks you for the cert and its key. It will update files in /etc/ssl/ and it will get HTTPS working for your web interface.

This isn't what you asked for, but later we'll make Sendmail use the same cert/key for TLS. A big bonus of doing it this way is that when the time comes to update the cert/key, you can easily use Setup : HTTPS again and the updates will be used by both Apache and Sendmail. Future key updates are a snap.

Part 2: Making Sendmail behave

Step (1) will create / update /etc/ssl/private/canit-appliance.key and /etc/ssl/certs/canit-appliance.crt.

We'll leave Sendmail's config file alone; instead we'll just create symlinks in /etc/mail/tls/ to the appropriate files.

These commands will do the business:

  mv /etc/mail/tls/sendmail-client.crt /etc/mail/tls/sendmail-client.crt.orig
  mv /etc/mail/tls/sendmail-server.crt /etc/mail/tls/sendmail-server.crt.orig
  mv /etc/mail/tls/sendmail-common.key /etc/mail/tls/sendmail-common.key.orig
  ln -s /etc/ssl/certs/canit-appliance.crt /etc/mail/tls/sendmail-client.crt
  ln -s /etc/ssl/certs/canit-appliance.crt /etc/mail/tls/sendmail-server.crt
  ln -s /etc/ssl/private/canit-appliance.key /etc/mail/tls/sendmail-common.key

Then restart Sendmail:

/etc/init.d/sendmail restart