I have a server my.server.com and I'm using this name for ispconfig panel, apache, and postfix, and I want to buy a real ssl certificate for this name my.server.com to put it in the 2 apache configurations and in postfix. For the normal apache it should not be a problem with the panel, but for the ispconfig apache, if I put my own server.csr and .crt files to replace the actual self signed certificate files, will they stay even in future upgrades of ispconfig ? Then for postfix, I see that there is also a .pem file with the .csr and .crt, I'm not sure which file it is exactly and how we could have it ? And finally, will the certificate work for smtp and imap, or is there an other way for imap ? Thanks
yes. I'am not sure which SSL cert format postfix needs. The pop3 and imap server has its own certificate.
ok finally for postfix, it seems that there is no need of this .pem file (at least for the thawte SSL 123 certificate I took). I just copied the .key and .crt from what ispconfig generated for the website to the .key and .crt file for postfix, and removed the .pem in the configuration, restarted postfix, and it seems that it's working great. I needed also to restart apache2 because it seems that ispconfig did not do this after I put the certificate content in the panel for the website. I selected "Action: save the certificate" may be that's why it just saved the certificate and not restarted apache ? Now I'm doing this for ispconfig apache, and I will search for imap. I will update this thread when I will find how to do.
for ispconfig apache, it was pretty easy like postfix, just needed to replace server.key and server.crt per the files of the website, and restarted ispconfig so.. imap now
And here is the end of the story: for pop3 and imap ssl, there are 2 pem files: /etc/courier/imapd.pem /etc/courier/pop3d.pem you need to put the content of the .crt file in it, then the .key finally it looks like this in each .pem file: ----BEGIN CERTIFICATE----- crt content -----END CERTIFICATE----- -----BEGIN RSA PRIVATE KEY----- key content -----END RSA PRIVATE KEY----- and restarted courier-imap-ssl and courier-pop-ssl.
