Install SSL certificate in DTC admin panel

jesse's picture

Quick and dirty instructions for installing an SSL certificate into a DTC admin panel. This does not cover SSL certificates installed on individual websites.

After installing DTC, you'll have some self-signed certificate files:

dtc1:~# ls -tlrR /var/lib/dtc/etc/ssl/
/var/lib/dtc/etc/ssl/:
total 20
-r-------- 1 dtc dtcgrp  963 Nov 26  2008 privkey.pem
-r-------- 1 dtc dtcgrp  887 Nov 26  2008 new.cert.key
-r-------- 1 dtc dtcgrp  790 Nov 26  2008 new.cert.csr
-r-------- 1 dtc dtcgrp  977 Nov 26  2008 new.cert.cert
drwxr-xr-x 2 dtc dtcgrp 4096 Feb 23  2012 dovecot
 
/var/lib/dtc/etc/ssl/dovecot:
total 16
-rw-r--r-- 1 dtc dtcgrp  951 Feb 23  2012 privkey.pem
-rw-r--r-- 1 dtc dtcgrp  887 Feb 23  2012 new.cert.key
-rw-r--r-- 1 dtc dtcgrp  842 Feb 23  2012 new.cert.csr
-rw-r--r-- 1 dtc dtcgrp 1058 Feb 23  2012 new.cert.cert
dtc1:~# 

Configure postfix to use those, and symlink the dovecot/ files:

dtc1:~# postconf -e smtpd_tls_cert_file=/var/lib/dtc/etc/ssl/new.cert.cert
dtc1:~# postconf -e smtpd_tls_key_file=/var/lib/dtc/etc/ssl/new.cert.key
dtc1:~# cd /var/lib/dtc/etc/ssl/dovecot
dtc1:/var/lib/dtc/etc/ssl/dovecot# for f in new.cert.key new.cert.csr new.cert.cert;
> do
> mv $f $f.old
> ln -s ../$f $f
> done
dtc1:/var/lib/dtc/etc/ssl/dovecot# ls -l
total 16
lrwxrwxrwx 1 root root     16 Aug 28 15:44 new.cert.cert -> ../new.cert.cert
-rw-r--r-- 1 dtc  dtcgrp 1058 Feb 23  2012 new.cert.cert.old
lrwxrwxrwx 1 root root     15 Aug 28 15:44 new.cert.csr -> ../new.cert.csr
-rw-r--r-- 1 dtc  dtcgrp  842 Feb 23  2012 new.cert.csr.old
lrwxrwxrwx 1 root root     15 Aug 28 15:44 new.cert.key -> ../new.cert.key
-rw-r--r-- 1 dtc  dtcgrp  887 Feb 23  2012 new.cert.key.old
-rw-r--r-- 1 dtc  dtcgrp  951 Feb 23  2012 privkey.pem
dtc1:/var/lib/dtc/etc/ssl/dovecot#

Now put your new certificate in place. I combined the private key, intermediate CA certificates and this server's certificate together in a single .pem file. When you do this, remember the order is: your private key (PKCS#8, PEM format), then your certificate, then the intermediate certificates, and lastly the root certificate. E.g. for a Comodo PositiveSSL cert:

dtc1:~# cat your.key.pkcs8 your_positivessl.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > certificate.pem

Adjust the following commands to the filename you gave the combined file.

dtc1:~# cd /var/lib/dtc/etc/ssl/
dtc1:/var/lib/dtc/etc/ssl# for f in new.cert.key new.cert.csr new.cert.cert; do mv $f $f.old; done
dtc1:/var/lib/dtc/etc/ssl# cp /path/to/your/certificate.pem .
dtc1:/var/lib/dtc/etc/ssl# for f in new.cert.key new.cert.cert new.cert.ca; do ln -s certificate.pem $f; done
dtc1:/var/lib/dtc/etc/ssl# chown dtc:dtcgrp certificate.pem 
dtc1:/var/lib/dtc/etc/ssl# chmod 600 certificate.pem
 
dtc1:/var/lib/dtc/etc/ssl# ls -tlr
total 32
-r-------- 1 dtc  dtcgrp  963 Nov 26  2008 privkey.pem
-r-------- 1 dtc  dtcgrp  887 Nov 26  2008 new.cert.key.old
-r-------- 1 dtc  dtcgrp  790 Nov 26  2008 new.cert.csr.old
-r-------- 1 dtc  dtcgrp  977 Nov 26  2008 new.cert.cert.old
drwxr-xr-x 2 dtc  dtcgrp 4096 Aug 28 15:47 dovecot
-rw------- 1 dtc  dtcgrp 9259 Aug 28 17:28 certificate.pem
lrwxrwxrwx 1 root root     15 Aug 28 17:31 new.cert.key -> certificate.pem
lrwxrwxrwx 1 root root     15 Aug 28 17:31 new.cert.cert -> certificate.pem
lrwxrwxrwx 1 root root     15 Aug 28 17:31 new.cert.ca -> certificate.pem
dtc1:/var/lib/dtc/etc/ssl# 

Now just reload services and you're done.

dtc1:~# service postfix reload
dtc1:~# service dovecot reload
dtc1:~# service apache2 reload
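
A check worth running on certificate.pem before the reload step, since a wrong block order, a mismatched key or loose permissions only show up once a service tries to load the file. This is an added example, not part of the original post; the function names and the script name check_bundle.sh are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the combined
# certificate.pem. All function names are made up for this illustration.

# Print the label of every PEM block, one per line, in file order.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Order from the post: unencrypted PKCS#8 key first, then certificates only.
# A traditional "RSA PRIVATE KEY" or an "ENCRYPTED PRIVATE KEY" is rejected.
check_bundle_order() {
    labels=$(pem_labels "$1")
    first=$(printf '%s\n' "$labels" | sed -n 1p)
    if [ "$first" != "PRIVATE KEY" ]; then
        echo "FAIL: first block is '${first:-none}', expected 'PRIVATE KEY'" >&2
        return 1
    fi
    certs=$(printf '%s\n' "$labels" | sed 1d)
    if [ -z "$certs" ]; then
        echo "FAIL: no certificate follows the private key" >&2
        return 1
    fi
    if printf '%s\n' "$certs" | grep -qvx 'CERTIFICATE'; then
        echo "FAIL: non-certificate block after the private key" >&2
        return 1
    fi
}

# The key must belong to the first (server) certificate: compare public keys.
check_key_matches_leaf() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) &&
        crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
        [ "$key_pub" = "$crt_pub" ] && return 0
    echo "FAIL: private key does not match the first certificate" >&2
    return 1
}

# The file contains a private key, so group and others must have no access.
check_private_perms() {
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ] && return 0
    echo "FAIL: $1 is accessible to group or others" >&2
    return 1
}

# Run every check when given one path: sh check_bundle.sh certificate.pem
if [ "$#" -eq 1 ]; then
    check_bundle_order "$1" && check_key_matches_leaf "$1" &&
        check_private_perms "$1" && echo "OK: $1"
fi
```

The order check reads only the PEM block labels; the key comparison needs the openssl command-line tool.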
