Thursday, August 20, 2009

Creating Self-Signed Certificate for TLS/SSL encryption

If you have installed IndiMail using any of the RPMs at

you will get the IMAPS, POP3S and SMTPS services installed by default. However, certificates are not installed by default. You may want to study the following Google search. If you have not installed IndiMail using the RPM, you can use svctool to create the IMAPS, POP3S and SMTPS services. Executing svctool without any options displays a help screen.

You can save yourself a lot of trouble by using svctool to create a self-signed certificate for IMAPS, POP3S and SMTPS (or STARTTLS in SMTP):

# /var/indimail/svctool --postmaster=postmaster@yourdomain --config=cert

You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank. For some fields there will be a default value, If you just hit Enter, the field will be left blank. Please note: The common name must be the name of the mail server so make sure you enter it on that line:

Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Goa
Locality Name (eg, city) [Newbury]:Porvorim
Organization Name (eg, company) [My Company Ltd]:IndiMail
Organizational Unit Name (eg, section) []: Technology
Common Name (eg, YOUR name) []: yourdomain
Email Address []

Once you have given the above input, your certificate will be generated:

% ls -l /var/indimail/control/*.pem
-rw-------. 1 indimail indimail 245 2009-08-19 07:39 dh1024.pem
-rw-------. 1 indimail indimail 156 2009-08-19 07:39 dh512.pem
-rw-------. 1 indimail indimail 497 2009-08-19 07:38 rsa512.pem
lrwxrwxrwx. 1 root root 36 2009-08-19 07:38 clientcert.pem -> /var/indimail/control/servercert.pem
-rw-r-----. 1 indimail indimail 2197 2009-08-19 07:38 servercert.pem

Now you can use the following commands to test the services:

To connect to IMAPS
openssl s_client -connect localhost:993

To connect to POP3S
openssl s_client -connect localhost:995

To connect to SMTPS
openssl s_client -connect localhost:465
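
To complement the s_client tests above, the following shell functions (an added example, not part of the original post or of svctool) check that a certificate's Common Name matches the mail server name, that it is not about to expire, and that the PEM file is not world-readable. The name mail.example.test, the 30-day threshold and the function names are assumptions; the sample certificate is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sanity checks for a PEM certificate such as servercert.pem.

# Print the subject Common Name. RFC2253 output is stable across OpenSSL versions.
cert_cn() {
    openssl x509 -noout -subject -nameopt RFC2253 -in "$1" |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# check_cert FILE EXPECTED_NAME [MIN_DAYS]
# Returns 0 only if every check passes; prints one line per failed check.
check_cert() {
    file=$1 want=$2 days=${3:-30} rc=0
    cn=$(cert_cn "$file")
    if [ "$cn" != "$want" ]; then
        echo "FAIL: Common Name is '$cn', clients connect to '$want'"; rc=1
    fi
    if ! openssl x509 -noout -checkend $((days * 86400)) -in "$file" >/dev/null; then
        echo "FAIL: certificate expires within $days days"; rc=1
    fi
    if [ -n "$(find "$file" -perm -0004)" ]; then
        echo "FAIL: $file is world-readable"; rc=1
    fi
    return $rc
}

# Constructed sample: a throwaway self-signed certificate plus key in one PEM
# file, using the DN values from the prompts above and a placeholder name.
make_sample_cert() {
    out=$1 name=$2 days=${3:-365}
    openssl req -x509 -newkey rsa:2048 -nodes -days "$days" \
        -subj "/C=IN/ST=Goa/L=Porvorim/O=IndiMail/OU=Technology/CN=$name" \
        -keyout "$out.key" -out "$out.crt" 2>/dev/null || return 1
    cat "$out.key" "$out.crt" > "$out" && rm -f "$out.key" "$out.crt"
    chmod 640 "$out"
}

# Demonstration on the constructed sample (placeholder host name).
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/servercert.pem" mail.example.test
check_cert "$demo_dir/servercert.pem" mail.example.test && echo "all checks passed"
rm -rf "$demo_dir"
```

On a real installation, call check_cert with /var/indimail/control/servercert.pem and the host name your mail clients actually connect to.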
