Changes

From SME Server
Jump to navigationJump to search
Created Translation
{{Languages}}

{{Note box|Übersetzung derzeit in Arbeit!}}

=== Introduction ===
This document describes how to integrate a free SSL-Server Certificate from [http://www.startssl.com www.startssl.com]. The purpose is the use of your SME-Webserver with modern webbrowsers and mail (and/or groupware) clients which normally do complain about the self signed certificates from a standard SME-Server installation. Certificates from Startcom (or Startssl) are widely accepted by most webclients.

=== Preparation ===

Go to [http://www.startssl.com www.startssl.com], and sign up under [https://www.startssl.com/?app=11&action=regform https://www.startssl.com/?app=11&action=regform] to get a free account and to install a SingleSignOn-Certificate in your browser (btw: with this certificate you are also ready to sign your emails for one or more email addresses with S/MIME) to authenticate against their configuration panel @ https://auth.startssl.com/. Validate your account as described in the signup process, and then you're ready to get your SSL Server Certificate for your SME-Server.
{{Note box|You won't be able to access the login page with the configuration pannel until you sign up '''AND''' install the first certificate in your browser!}}

=== Creation ===
Assumed you gave your server a FQDN like "''mysmeserver.com''" and chose to call your server "''www''" then you will first set up your new SSL-Certificate in the Startcom panel with your FQDN and in one of the following steps add the server name. Your certificate will then be assigned for

*''mysmeserver.com''
*''www.mysmeserver.com''

The confirmation email from Startcom will be sent to the user "postmaster", "hostmaster" oder "webmaster"@ your server to be validated by the server admin. To receive this mail be sure to either login at webmail with your admin account or to create a pseudonym for on of these users which will be forwarded to your mainly used account.

=== Modification ===
Follow the process in the Startcom panel till the end and until you're ready to directly copy&paste the certificate into a locally created ASCII text file wich you may call ''ssl.key''. Do the same with your ''ssl.crt''. Also make sure, you downloaded the two CertificateChainFile(s) and save them to your desktop:

*[http://www.startssl.com/certs/ca.pem ca.pem]
*[http://www.startssl.com/certs/sub.class1.server.ca.pem sub.class1.server.ca.pem]

These two pem-files need to be merged into on single file which you may call bundle.pem: first, paste the content of ''sub.class1.server.ca.pem'' and below it, paste the conent of ''ca.pem'' Save the file to your desktop and upload the three files via sftp to your server in a directory (e.g. startssl) in /home/e-smith:

*ssl.key
*ssl.crt
*bundle.pem

{{Note box|Before you start with the integration of the new SSL Certificate, we need to make a little "modification" to the file ssl.key and are going to rename the files.}}

'''Your key is secured with a password which needs to be deleted before the key is integrated into the server db.'''

This done by a simple command inside the directory (e.g. startssl) where you stored the three files:

openssl rsa -in ssl.key -out www.mysmeserver.com.key

Type in your password, hit Enter and you're almost done.

Finally, rename the remaining files:
*ssl.crt --> www.mysmeserver.com.crt
*bundle.pem --> www.mysmeserver.com.pem

=== Integration ===
In the terminal type in (as root)

config setprop modSSL crt /home/e-smith/startssl/www.mysmeserver.com.crt
config setprop modSSL key /home/e-smith/startssl/www.mysmeserver.com.key
config setprop modSSL CertificateChainFile /home/e-smith/startssl/www.mysmeserver.com.pem
signal-event console-save
signal-event post-upgrade; signal-event reboot

'''Enjoy!'''

[[Category: Howto]]
[[Category: Administration:Certificates]]
----
19

edits

Navigation menu