Manage SSL Certificate - Copying to Dovecot & Postfix

bill56 · September 8, 2012, 1:32am

Hello:

I need to copy my existing certificate to Dovecot & Postfix. Seems to be pretty straightforward, however here is the problem. In Virtualmin, the Server COnfiguration -> Manage SSL Certificate shows the location of the certificates as follows:

SSL certificate file /home/website/ssl.cert
SSL private key file /home/website/ssl.key
Certificate type Self-signed

I don’t see how to change these locations, and I do not want to use the “copy” function to copy the wrong certs.

The actual certificate files are not Self-Signed, they are from Thawte and are located here:

/etc/httpd/conf/ssl.crt/www.website.com.crt
/etc/httpd/conf/ssl.key/www.website.com.key
/etc/httpd/conf/ssl.crt/cabundle.crt

The correct locations are also shown here: Services -> Configure Website for SSL -> SSL Options - which are the locations listed in /etc/httpd/conf/httpd.conf

How can I correctly install the SSL certs so that they are used by Dovecot & Postfix?

Thanks.

Eric · September 8, 2012, 3:12am

Howdy,

Hmm, did you by chance manually add those SSL certs into Apache, rather than using Virtualmin to do so?

It sounds like Virtualmin is a little confused as to which SSL certificates are being used at the moment.

Let us know what steps you used to add your SSL cert into Apache… that’ll help us figure out what we’ll need to go in order to get Virtualmin to understand which SSL cert your site is using.

-Eric

bill56 · September 9, 2012, 2:59am

Eric:

Yes, you are correct, this was originally done manually. Here is what I did:

openssl genrsa -out www.website.com.key 2048
openssl req -new -key www.website.com.key -out www.website.com.csr
Paste the CSR in the online order form.
Got the CRT file back, put it here /etc/httpd/conf/ssl.crt/www.website.com.crt
Put the KEY file here /etc/httpd/conf/ssl.key/www.website.com.key
Installed intermediate certs in /etc/httpd/conf/ssl.crt/cabundle.crt
These lines are in /etc/httpd/conf/httpd.conf:

SSLEngine On
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.website.com.key
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.website.com.crt
SSLCACertificateFile /etc/httpd/conf/ssl.crt/cabundle.crt

Restarted with: /sbin/service httpd restart

Thanks for your help.
-Bill

Eric · September 9, 2012, 4:54am

Aha, I see!

So, that SSL certificate may not be associated with any particular Virtual Server, which may explain why Virtualmin isn’t seeing them.

If you’d like to associate them with a Virtual Server – what you can do is go into Server Configuration -> Manage SSL Certificate, and add your cert/key in the “New Certificate” tab, and your cabundle in the CA Certificate tab.

Virtualmin will then place a copy of your SSL cert into that user’s home directory.

Also, when you hit the “Copy To” buttons, it will copy the correct SSL cert out to your other services.

bill56 · September 10, 2012, 1:01am

OK, SSL certificate installed correctly per your advice. And, I did the “Copy To” for Dovecot and Postfix.

Working fine now - thanks for your help.

Bill

system · April 30, 2020, 5:55am