Convert Apache Certs to qmail

This is a document to help you convert your apache certs to qmail.

Please note that the common name you used needs to match the server name in order for your clients not to get the nag screen when they send emails via SSL or TLS.

In order to convert your apache cert, it is important to create the cert correctly. Here is how to do it:

First, We create the key:

# openssl genrsa -out domain.xxx.key 2048

You can substitute 2048 with 4096 for stronger encryption and make sure you replace YOURDOMAIN with your actual domain name.

Next, We need to add a password. Go ahead and type it and confirm.

Now create a csr:

# openssl req -new -key YOURDOMAIN.key -out YOURDOMAIN.csr

It is important to note here to type in all information for your company. When it asks for Common Name (eg, YOUR name) []: it is VERY IMPORTANT this field matches what your users are going to use for their mailserver name. If you are buying a cert for multiple domains, this will be the domain users use the most. When viewing a cert for multiple domains, the common will appear first and the others will show on the cert.

This is the csr you can you to generate your cert when asked by the domain you buy your cert from.

First lets backup the current /var/qmail/control folder first:

# mkdir /var/qmail/backup_control
# cp -Rp /var/qmail/control/* /var/qmail/backup_control

Please copy the .crt, .csr and the .key to the root folder. Then run the following to make a signed cert:

# cat /root/cert.key > /var/qmail/control/servercert.pem
# cat /root/cert.crt >> /var/qmail/control/servercert.pem
# cat /root/intermediate.crt >> /var/qmail/control/servercert.pem

And now lets set the permissions on the servercert.pem:

# chown root:qnofiles /var/qmail/control/servercert.pem
# chmod 640 /var/qmail/control/servercert.pem

Now lets create the clientcert.pem file and the permissions:

# cp /var/qmail/control/servercert.pem /var/qmail/control/clientcert.pem
# chown root:qmail /var/qmail/control/clientcert.pem
# chmod 640 /var/qmail/control/clientcert.pem

Now restart qmail in order to make the changes take effect:

# qmailctl restart

If you are using dovecot you should not need to do anything as the walkthrough uses the apache certs.

freebsdrocks.net facts

freebsdrocks.net was started originally as nospam.mine.nu.

freebsdrocks.net started as a site originally with a custom qmail install similar to qmailrocks.

Get in touch

vinnie@freebsdrocks.net

____Report a broken link