[SOLVED] SMTP TLS / Create Self Signed SSL Certificate

3 posts / 0 new
Last post
#1 Fri, 10/23/2009 - 09:23
Deviation

[SOLVED] SMTP TLS / Create Self Signed SSL Certificate

So I'm making an attempt to get SMTP TLS to work so I can use Google to send out my email via SMTP. They only support TLS or SSL so I'm kinda stuck. http://bit.ly/3MZRhu

Is it possible to use a self signed cert for this? For one, I can't tell if Virtualmin/Webmin has a built-in module to generate a self signed cert or if I need to manually do it.

I did find the guide (http://www.virtualmin.com/documentation/email/smtps), but it references an actual SSL cert from a third party.

As an add-on to this, if I need to buy a cert, can I use one domain to send the mail for all domains under Virtualmin's control?

Any help or guidance would be appreciated.

Fri, 10/23/2009 - 11:59
Deviation

I answered my own question. Yes you can use self-signed certs with Postfix TLS and get Gmail to work with it. In Gmail, you need to tell it to use port 25.

Fri, 10/23/2009 - 12:38
Deviation

Here's the process I went through in case anyone else gets stuck. Substitute 'your.servername.com' with the name of your server. I used the FQDN to keep things straight

1. Open an ssh session to your server.
2. Navigate to the /root directory. I chose to store my certs here for security reasons. Ultimately you can put them wherever you want. Postfix will initialize as root so it can read these files.
3. Type the following command:

openssl genrsa -des3 -out your.servername.com.key 1024

4. Now let's create the CSR

openssl req -new -key your.servername.com.key -out your.servername.com.csr

You will be prompted to fill out a few questions. Remember that "Common Name" is the FQDN of your server. Fill in all the blanks until you reach "Please enter the following 'extra' attributes...". These are optional. Just hit enter twice to skip them.

5. Now we'll get rid o fthe passphrase on the key. This is done so that the cert will load automatically when the server reboots (assuming this is an issue like it was with Apache?). Be sure you guard this key file extra carefully now.

cp your.servername.com.key your.servername.com.key.org
openssl rsa -in your.servername.com.key.org -out your.servername.com.key

6. Create the certificate

openssl x509 -req -days 365 -in your.servername.com.csr -signkey your.servername.com.key -out your.servername.com.crt

Now just follow http://www.virtualmin.com/documentation/email/smtps and you're set. Be sure to restart Postfix at the end.

Topic locked