| 239 | | 1) put the certificate in the file /etc/postfix/sasl/smtpd.pem (Zentyal 2.0 or Ebox) or /etc/postfix/sasl/postfix.pem [[BR]] |
| 240 | | Create the .pem file according to above.[[BR]] |
| 241 | | 2) restart the mail system with:[[BR]] |
| 242 | | {{{ |
| 243 | | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#AAAAAA" |
| 244 | | /etc/init.d/zentyal mail restart |
| | 239 | After my initial tests still did not satisfy Thunderbird, I've found a great tutorial on [http://www.howtoforge.com/securing-your-ispconfig-3-installation-with-a-free-class1-ssl-certificate-from-startssl] |
| | 240 | |
| | 241 | 1) if you have a StarSSL certificate, get their CA files and give them speaking names: |
| | 242 | {{{ |
| | 243 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#555555" |
| | 244 | cd /home/youruser/[[BR]] |
| | 245 | wget !https://www.startssl.com/certs/ca.pem[[BR]] |
| | 246 | wget !https://www.startssl.com/certs/sub.class1.server.ca.pem[[BR]] |
| | 247 | mv ca.pem startssl.ca.crt[[BR]] |
| | 248 | mv sub.class1.server.ca.pem startssl.sub.class1.server.ca.crt[[BR]] |
| | 249 | }}} |
| | 250 | |
| | 251 | 2) create the chain file |
| | 252 | {{{ |
| | 253 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#555555" |
| | 254 | cat startssl.sub.class1.server.ca.crt startssl.ca.crt > startssl.chain.class1.server.crt |
| | 255 | }}} |
| | 256 | |
| | 257 | At this point you have different options. Either you go with the official supported way and use the hooks for Zentyal, see [http://trac.zentyal.org/wiki/Documentation/Community/HowTo/CustomizeConfigFiles] |
| | 258 | |
| | 259 | or, if you want to do a quick hack, you can do it this way (keep in mind, after an update, these changes might be gone!!!): |
| | 260 | |
| | 261 | {{{ |
| | 262 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#555555" |
| | 263 | cd /usr/share/zentyal|ebox/stubs/mail[[BR]] |
| | 264 | cp main.cf.mas main.cf.mas<date>[[BR]] |
| | 265 | vi main.cf.mas[[BR]] |
| | 266 | }}} |
| | 267 | |
| | 268 | look for the lines with the entries |
| | 269 | |
| | 270 | {{{ |
| | 271 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#AAAAAA" |
| | 272 | my $certFile = '/etc/postfix/sasl/postfix.pem';[[BR]] |
| | 273 | my $keyFile = '/etc/postfix/sasl/postfix.pem';[[BR]] |
| | 274 | }}} |
| | 275 | |
| | 276 | and change them to: |
| | 277 | |
| | 278 | {{{ |
| | 279 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#AAAAAA" |
| | 280 | my $certFile = '/etc/postfix/sasl/smtpd.crt';[[BR]] |
| | 281 | my $keyFile = '/etc/postfix/sasl/smtpd.key';[[BR]] |
| | 282 | my $CAfile = '/etc/postfix/sasl/startssl.chain.class1.server.crt';[[BR]] |
| | 283 | }}} |
| | 284 | |
| | 285 | scroll down and look for the TLS/SSL stuff and add this line: |
| | 286 | |
| | 287 | {{{ |
| | 288 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#AAAAAA" |
| | 289 | smtpd_tls_CAfile = <% $CAfile %> |
| | 290 | }}} |
| | 291 | |
| | 292 | save the file. |
| | 293 | |
| | 294 | Depending where you keep your official certificate and the key, please change the locations accordingly. |
| | 295 | {{{ |
| | 296 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#555555" |
| | 297 | cd /etc/postfix/sasl[[BR]] |
| | 298 | ln -s /home/youruser/www.snakeoil.com.crt smtpd.cert [[BR]] |
| | 299 | ln -s /home/youruser/www.snakeoil.com.key smtpd.key [[BR]] |
| | 300 | ln -s /home/youruser/startssl.chain.class1.server.crt startssl.chain.class1.server.crt [[BR]] |
| | 301 | }}} |
| | 302 | |
| | 303 | 3) restart the mail system with:[[BR]] |
| | 304 | {{{ |
| | 305 | #!div class=conf style="border: 2pt solid; text-align: left;background-color:#AAAAAA" |
| | 306 | /etc/init.d/zentyal mail restart[[BR]] |
