Guide on Renewing SSL Certificate for Apache, Postfix and Dovecot on CentOS 6.8 Linux ===================================================================================== Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL) Country: Singapore Date: 12 November 2020 Thursday Singapore Time Type of Publication: Plain Text Document Version: 20201112.01 Generating Certificate Signing Request (CSR) Using OpenSSL command on Linux =========================================================================== Reference Guide: Generating CSR on Apache + OpenSSL/ModSSL/Nginx + Heroku Link: https://www.namecheap.com/support/knowledgebase/article.aspx/9446/14/generating-csr-on-apache--opensslmodsslnginx--heroku/#4 # cd /root # which openssl # openssl req -new -newkey rsa:2048 -nodes -keyout teo-en-ming-corp.key -out teo-en-ming-corp.csr Generating a 2048 bit RSA private key ...............................................................................................................................................................................+++ ........................................................................+++ writing new private key to 'teo-en-ming-corp.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:SG State or Province Name (full name) []:Singapore Locality Name (eg, city) [Default City]:Singapore Organization Name (eg, company) [Default Company Ltd]:Teo En Ming Corporation Organizational Unit Name (eg, section) []:IT Department Common Name (eg, your name or your server's hostname) []:*.teo-en-ming-corp.com.sg (USE WILDCARD!!!) Email Address []:ceo@teo-en-ming-corp.com Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: An optional company name []: # mkdir teo-en-ming # mv teo-en-ming-corp.csr teo-en-ming-corp.key teo-en-ming/ # cd teo-en-ming [root@mail.teo-en-ming-corp.com.sg teo-en-ming]# ls -al total 16 drwxr-xr-x 2 root root 4096 Nov 11 11:43 . dr-xr-x---. 14 root root 4096 Nov 11 11:43 .. -rw-r--r-- 1 root root 1119 Nov 11 11:42 teo-en-ming-corp.csr -rw-r--r-- 1 root root 1708 Nov 11 11:42 teo-en-ming-corp.key # cat teo-en-ming-corp.csr (Display Certificate Signing Request) -----BEGIN CERTIFICATE REQUEST----- -----END CERTIFICATE REQUEST----- # cat teo-en-ming-corp.key (Display Private/Secret Key) -----BEGIN PRIVATE KEY----- -----END PRIVATE KEY----- Result from AlphaSSL Portal ============================ Congratulations! Your order has been placed successfully. Your order number is : You'll need to copy the following Domain Verification Code and place it in a text file called "gsdv.txt" which you'll then need to put in one of the approved locations Meta Tag : http://teo-en-ming-corp.com.sg/.well-known/pki-validation/gsdv.txt https://teo-en-ming-corp.com.sg/.well-known/pki-validation/gsdv.txt To complete the URL Verification, close the browser. Open the SSL Configuration Link in new browser and click on "Complete Url Verification". End of Result from AlphaSSL Portal ================================== Domain Verification for SSL Certificate ======================================= # cd /home/teo-en-ming-corp/public_html # mkdir .well-known # cd .well-known # mkdir pki-validation # cd pki-validation/ Edit gsdv.txt. # nano gsdv.txt Begin Email from AlphaSSL ========================= Email Subject: : Your SSL Certificate for *.teo-en-ming-corp.com.sg has been issued ------------------------------------------------------------------------------- Please note that this email is automatically sent from a noreply mailbox. To contact AlphaSSL please use the Contact Details at the footer of this email. ------------------------------------------------------------------------------- Dear Turritopsis Dohrnii Teo En Ming, Your AlphaSSL Certificate has now been issued and is ready to be installed. Your SSL Certificate can be found at the bottom of this email. CERTIFICATE DETAILS -------------------------------------------------- Order Number: Common Name: *.teo-en-ming-corp.com.sg INSTALLING YOUR CERTIFICATE ---------------------------------------------------- Your SSL Certificate and Intermediate Certificate must be installed on your server. Please note that as of March 31st 2014, SHA-256 will become the default hashing algorithm used unless SHA-1 was selected during the ordering process. You can find guides on installing your certificate with the Support Center online at: http://www.alphassl.com/support QUICK INSTALLATION GUIDE ---------------------------------------------------- 1) Using a text editor, copy the SSL Certificate text from the bottom of this email (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and save it to a file such as yourdomain.txt 2) Retrieve the Intermediate Certificate (selecting SHA-1 or SHA-256 as appropriate) from the Support Center at: https://www.alphassl.com/support/install-root-certificate.html 3) Using a text editor, copy the Intermediate Certificate text (including the ----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and save it to a file such as intermediate_domain_ca.txt 4) Copy these .txt files to your server and then rename them with .crt extensions 5) Install the Intermediate and SSL Certificates 6) Restart your server 7) To test for installation errors please use our SSL Configuration Checker located at https://sslcheck.globalsign.com/en_US 8) Install your Site Seal with the instructions show at: http://www.alphassl.com/support/ssl-site-seal.html 9) We suggest you back-up your SSL Certificate and Private Key pair and keep it safe, all IIS users can use the Export Wizard We hope that your application process was quick and easy and you have enjoyed the AlphaSSL experience. Thank you for choosing AlphaSSL, if you have any questions or issues please do not hesitate to contact us. CONTACT US -------------------------------------------------- For Sales, Technical Support & Account Queries: W: http://www.alphassl.com/support E: support@alphassl.com T: US Toll Free: 877 SSLALPHA (+1 877 775 2574) | Fax: 720 528 8160 T: EU: +44 1622 766 700 | Fax: +44 1622 662 255 --------------------------------------------------- LOW COST. TRUSTED BY ALL BROWSERS. SSL MADE EASY. --------------------------------------------------- YOUR SSL CERTIFICATE -------------------------------------------------- (Formatted for the majority of web server software including IIS and Apache based servers): -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- End of Email from AlphaSSL =========================== # cd /root/teo-en-ming # nano teo-en-ming-corp.crt (Saving the SSL Certificate/Public Key) -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- # nano intermediate_domain_ca.crt (Saving the intermediate CA certificate) -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- Installing SSL Certificate on Postfix SMTP Server ================================================= Backup the Postfix configuration files first before you modify anything. # cd /etc/postfix # cp main.cf main.teoenming # cp master.cf master.teoenming Reference Guide: Installing and configuring SSL on Postfix/Dovecot mail server Link: https://www.namecheap.com/support/knowledgebase/article.aspx/9795/69/installing-and-configuring-ssl-on-postfixdovecot-mail-server Copy the public and private key over from /root/teo-en-ming to /etc/postfix. # cd /root/teo-en-ming/ # cp * /etc/postfix # cd /etc/postfix Edit the Postfix configuration file. # nano main.cf smtpd_tls_cert_file = /etc/postfix/teo-en-ming-corp.crt smtpd_tls_key_file = /etc/postfix/teo-en-ming-corp.key smtpd_tls_CAfile = /etc/postfix/intermedia_domain_ca.crt ***Please note that the previous IT support company did not enable SSL/TLS for SMTP Server.*** Restart the Postfix SMTP Server. # service postfix restart Installing SSL Certificate on Dovecot IMAP and POP3 Incoming Mail Server ========================================================================= Backup the auxiliary Dovecot configuration file first before you modify anything. # cd /etc/dovecot/conf.d # cp 10-ssl.conf 10-ssl.teoenming Begin Redundant/Useless Section =============================== Please do not follow the instructions in this section. # cd /etc/pki/dovecot/certs # cp /root/teo-en-ming/teo-en-ming-corp.crt . # cd /etc/pki/dovecot/private/ # cp /root/teo-en-ming/teo-en-ming-corp.key . # cd /etc/dovecot/conf.d Edit 10-ssl.conf. # nano 10-ssl.conf ssl_cert = You can also configure SSL Certificate using Webmin. I will publish a guide on this in the future. Also, 16 screenshots will be published in the future. End of Guide ============ -----BEGIN EMAIL SIGNATURE----- The Gospel for all Targeted Individuals (TIs): [The New York Times] Microwave Weapons Are Prime Suspect in Ills of U.S. Embassy Workers Link: https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html ******************************************************************************************** Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): [1] https://tdtemcerts.wordpress.com/ [2] https://tdtemcerts.blogspot.sg/ [3] https://www.scribd.com/user/270125049/Teo-En-Ming -----END EMAIL SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org For additional commands, e-mail: users-help@httpd.apache.org