- Upload the required SSL files to the Zimbra server
cp domain.key commercial.key
cp intermediate/gd_bundle-g2-g1.crt commercial_ca.crt
scp Certificate/numbers-digits.crt commercial.key commercial_ca.crt zimbra-IP:/tmp
- Verify the SSL certificate
su - zimbra
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/numbers-digits.crt /tmp/commercial_ca.crt
- Deploy the SSL certificate
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/numbers-digits.crt /tmp/commercial_ca.crt
- Restart Zimbra
zmcontrol restart
Setting up SSL (Let's Encrypt) with nginx for Citadel
- Change Citadel's HTTPS port to 2001 with the command
dpkg-reconfigure citadel-webcit
- Install the Let's Encrypt SSL certificate by following the article https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
- Edit /etc/nginx/sites-enabled/citadel as follows:
[code lang='plain']
server {
    server_name domain.com citadel.domain.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-domain.com.conf;
    include snippets/ssl-params.conf;

    error_log /var/log/nginx/citadel-error.log;
    access_log /var/log/nginx/citadel-access.log;

    root /usr/share/citadel-webcit;

    # optional:
    # listen 192.168.1.1:443
    # instead depending on your setup…

    # Main location
    location /webcit/ {
        proxy_pass https://127.0.0.1:2001/;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    location /listsub/ {
        proxy_pass https://127.0.0.1:2001;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    location /groupdav/ {
        proxy_pass https://127.0.0.1:2001/;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }

    location /freebusy/ {
        proxy_pass https://127.0.0.1:2001/;
        proxy_redirect off;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;

        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}
[/code]
Sources:
http://www.citadel.org/doku.php/faq:installation:apacheproxy
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
Installing a GeoTrust Wildcard SSL certificate on Zimbra 8
Save the private key as /opt/zimbra/ssl/zimbra/commercial/commercial.key
Save the server certificate to the file /tmp/commercial.crt
Save the intermediate certificate as /tmp/ca_intermediate.crt
Get the contents of “Root 2 – GeoTrust Global CA” (PEM file) from https://www.geotrust.com/resources/root-certificates/# and save it as /tmp/global2.crt
cat /tmp/ca_intermediate.crt /tmp/global2.crt /tmp/ca.crt > /tmp/ca_chain.crt
Verify the SSL certificate with
/opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt
Deploy the SSL certificate
/opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt
Restart Zimbra
su - zimbra
zmcontrol restart
SSL for ownCloud 8.0 on Debian 7
Create a CSR with openssl on your PC.
openssl genrsa -des3 -out owncloud_domain_com.key 2048
openssl req -new -key owncloud_domain_com.key -out owncloud_domain_com.csr
After uploading the CSR and receiving the zip file from COMODO, unzip it, then build the chain certificate.
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
Test with the self-signed SSL certificate first.
a2enmod ssl
a2ensite default-ssl
service apache2 restart
If that works, continue:
Upload bundle.crt to /etc/apache2/ssl.crt/
Upload owncloud_domain_com.key to /etc/ssl/private/
Upload owncloud_domain_com.crt to /etc/ssl/certs/
Example of the changes made in /etc/apache2/sites-enabled/default-ssl
SSLCertificateFile /etc/ssl/certs/owncloud_domain_com.crt
SSLCertificateKeyFile /etc/ssl/private/owncloud_domain_com.key
SSLCertificateChainFile /etc/apache2/ssl.crt/bundle.crt
Also add the following setting to protect against POODLE
SSLProtocol All -SSLv2 -SSLv3
Restart apache2
service apache2 restart
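One way to confirm that the POODLE setting above is really in effect in each vhost file: the function below evaluates every SSLProtocol directive according to its +/- syntax and reports any that still leaves SSLv2 or SSLv3 enabled. It is an added example, not from the original post; the sample files are constructed, and `all` is assumed to include both legacy protocols.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: flag SSLProtocol directives that
# still leave SSLv2 or SSLv3 enabled (SSLv3 is what POODLE needs).
# Modelling assumptions: "all" is treated as including SSLv2 and SSLv3, and a
# file with no SSLProtocol line is reported, since the server default applies.

audit_sslprotocol() {  # usage: audit_sslprotocol FILE ; status 1 on any finding
  awk '
    tolower($1) == "sslprotocol" {
      seen = 1; v2 = 0; v3 = 0              # each directive starts from an empty set
      for (i = 2; i <= NF; i++) {
        t = tolower($i); sign = ""
        if (t ~ /^[+-]/) { sign = substr(t, 1, 1); t = substr(t, 2) }
        if (sign == "") { v2 = 0; v3 = 0 }  # a bare token replaces the whole set
        on = (sign != "-")
        if (t == "all" || t == "sslv2") v2 = on
        if (t == "all" || t == "sslv3") v3 = on
      }
      if (v2) { print NR ": SSLv2 enabled"; bad = 1 }
      if (v3) { print NR ": SSLv3 enabled"; bad = 1 }
    }
    END {
      if (!seen) { print "0: no SSLProtocol directive"; bad = 1 }
      exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample vhost fragments (not real configuration files).
SAMPLES=$(mktemp -d)
printf '%s\n' 'SSLEngine on' 'SSLProtocol All -SSLv2 -SSLv3' > "$SAMPLES/hardened.conf"
printf '%s\n' 'SSLEngine on' 'SSLProtocol all -SSLv2'        > "$SAMPLES/poodle.conf"
printf '%s\n' 'SSLEngine on' '# SSLProtocol All -SSLv3'      > "$SAMPLES/unset.conf"

for f in "$SAMPLES"/*.conf; do
  if out=$(audit_sslprotocol "$f"); then echo "OK    ${f##*/}"
  else echo "FAIL  ${f##*/}: $out"; fi
done
```

Each finding is printed as `line: protocol`, so it can be run over every file in /etc/apache2/sites-enabled/ after an edit.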
Apache Note #1
Adding the option to access a website over SSL (HTTPS)
*The following technique was carried out on Debian GNU/Linux 5
- Install the Apache HTTPD package
aptitude install apache2
- Create the public and private SSL certificate (the lazy way)
make-ssl-cert generate-default-snakeoil
cd /etc/ssl/
cat private/ssl-cert-snakeoil.key certs/ssl-cert-snakeoil.pem > mykey.pem
- Enable the ssl module for Apache2
a2enmod ssl
- Add the following to /etc/apache2/sites-enabled/000-default (example for HTTPS access to /var/www)
[code='plain']
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
SSLEngine On
SSLCertificateFile /etc/ssl/mykey.pem
[/code]
- Restart the apache2 service
/etc/init.d/apache2 restart
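The notes above move private keys around by hand, through /tmp on the Zimbra server and into /etc/ssl/mykey.pem here, so this added example (not part of the original notes) checks that a key belongs to its certificate and that the key file is readable by its owner only. The file names and the mail.example.test subject are constructed, and the openssl command-line tool is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example, not from the original notes: checks to run on a key/certificate
# pair before it is copied to a server or concatenated into another file.

# Status 0 when CERT carries the public key that belongs to KEY.
# An encrypted key (such as one made with -des3) will prompt for its passphrase.
key_matches_cert() {  # usage: key_matches_cert KEY CERT
  from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

# Status 0 when FILE grants nothing to group or others (mode 0600 or stricter).
key_is_private() {  # usage: key_is_private FILE
  [ -f "$1" ] || return 2
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed throwaway material for the demonstration (assumed names).
WORK=$(mktemp -d)
( umask 077
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
    -keyout "$WORK/site.key" -out "$WORK/site.crt" 2>/dev/null
  openssl genrsa -out "$WORK/other.key" 2048 2>/dev/null )
# What a plain "cat key cert > file" produces under the usual umask of 022.
( umask 022; cat "$WORK/site.key" "$WORK/site.crt" > "$WORK/combined.pem" )

report() { if "$@"; then echo "pass: $*"; else echo "FAIL: $*"; fi; }
report key_matches_cert "$WORK/site.key"  "$WORK/site.crt"
report key_matches_cert "$WORK/other.key" "$WORK/site.crt"
report key_is_private   "$WORK/site.key"
report key_is_private   "$WORK/combined.pem"
```

The last check fails by design: a combined key-and-certificate file written under umask 022 is world-readable until it is tightened with `chmod 600`.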