Here's a quick and dirty instruction set to add a GoDaddy cert (with intermediary file) to your mail server. Admins, please feel free to clean this up.

# create CSR and KEY
cd /etc/ssl/private
openssl req -newkey rsa:2048 -nodes -keyout certdomain.com.key -out certdomain.com.csr

# Submit CSR to CA

# create gd_bundle.crt (replace with current)
tee /etc/ssl/private/gd_bundle.crt <<-\EOA
-----BEGIN CERTIFICATE-----
(the contents of your gd_bundle.crt file)
-----END CERTIFICATE-----
EOA

# create certdomain.com.crt (replace with new cert)
tee /etc/ssl/private/certdomain.com.crt <<-\EOA
-----BEGIN CERTIFICATE-----
(the contents of your domain.crt file)
-----END CERTIFICATE-----
EOA

# create certdomain.com.pem
cat /etc/ssl/private/certdomain.com.crt /etc/ssl/private/certdomain.com.key > /etc/ssl/private/certdomain.com.pem

# Edit /etc/courier/imapd-ssl and pop3d-ssl
TLS_CERTFILE=/etc/ssl/private/certdomain.com.pem
TLS_TRUSTCERTS=/etc/ssl/private/gd_bundle.crt

# restart imapd-ssl and pop3d-ssl
/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

# test
openssl s_client -host 127.0.0.1 -port 993

### Get TLS on postfix.
# edit /etc/postfix/main.cf
# comment out existing lines:
#smtpd_tls_cert_file = /etc/postfix/smtpd.cert
#smtpd_tls_key_file = /etc/postfix/smtpd.key
# add the following:
smtpd_tls_key_file = /etc/ssl/private/certdomain.com.key
smtpd_tls_cert_file = /etc/ssl/private/certdomain.com.crt
#smtpd_tls_auth_only = yes #uncomment if you want only SSL connections over SMTP
smtpd_tls_CAfile = /etc/ssl/private/gd_bundle.crt
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
tls_random_source = dev:/dev/urandom
# end of editing main.cf

# restart postfix
/etc/init.d/postfix restart

There is no information out there for sendmail and GoDaddy SSL. Their tech support does not know how to do it ... this is what I did.

openssl req -new -newkey rsa:2048 -utf8 -verify -nodes -out tls-cert.csr -keyout tls-cert-private.key

Send tls-cert.csr to GoDaddy.

Config for sendmail:

define(`confCACERT_PATH', `/etc/mail/certs/godaddy/')dnl
define(`confCACERT', `/etc/mail/certs/godaddy/CA.cert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/godaddy/tls-cert-public.pem')dnl
define(`confCRL', `/etc/mail/certs/godaddy/CA.cert.pem')dnl

Pull two versions of the certificate off from GoDaddy - Apache and Exchange.
Get the public cert from the Apache zip file; I've called it "tls-cert.crt".
Combine it with the private key you used.

cat tls-cert-private.key tls-cert.crt > tls-cert-public.pem

Now get the intermediate file from the Exchange zip file; it should be gd-g2_iis_intermediates.p7b.
Convert it to PEM via https://www.sslshopper.com/ssl-converter.html
Now copy that over as CA.cert.pem.

chmod 0600 *.*

Restart sendmail.

Use this to test to see it all works: http://www.checktls.com/perl/TestReceiver.pl
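
A pre-restart check for the files both posts build, as an added example that is not part of either post: it confirms that the private key matches the issued certificate, that the certificate verifies against the CA bundle, and that the key is not readable by group or others. `check_mail_cert` is a hypothetical helper name, and the chain check assumes the bundle (or the system trust store) holds the root as well as the intermediates.

```shell
#!/bin/sh
# Added example; check_mail_cert is a hypothetical helper, not part of any package.
# Usage: check_mail_cert CERT KEY CA_BUNDLE
# Returns: 0 ok, 1 key/cert mismatch, 2 chain does not verify,
#          3 key readable by group or others, 4 unreadable or unparsable input.
check_mail_cert() {
    cert=$1 key=$2 bundle=$3

    for f in "$cert" "$key" "$bundle"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 4; }
    done

    # The public key inside the certificate must equal the one derived
    # from the private key, otherwise the TLS handshake will fail.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 4
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 4
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 1
    fi

    # The certificate must chain to a CA in the bundle (also checks expiry).
    # Matching on ": OK" avoids relying on the exit status alone.
    if ! openssl verify -CAfile "$bundle" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "certificate does not verify against $bundle" >&2
        return 2
    fi

    # The private key should be readable by its owner only.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "$key is readable by group or others" >&2
        return 3
    fi

    return 0
}
```

For the first post's layout this would be called as `check_mail_cert /etc/ssl/private/certdomain.com.crt /etc/ssl/private/certdomain.com.key /etc/ssl/private/gd_bundle.crt` before restarting courier or postfix.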