Installing a GoDaddy SSL certificate on Zimbra 8

  1. Upload the required SSL files to the Zimbra server

    cp domain.key commercial.key
    cp intermediate/gd_bundle-g2-g1.crt commercial_ca.crt
    scp Certificate/numbers-digits.crt commercial.key commercial_ca.crt zimbra-IP:/tmp

  2. Verify the certificate

    su - zimbra
    # verifycrt reads the private key from the path given here, so the uploaded commercial.key must be in place there
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/numbers-digits.crt /tmp/commercial_ca.crt

  3. Deploy the certificate

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/numbers-digits.crt /tmp/commercial_ca.crt

  4. Restart Zimbra

    zmcontrol restart

Setting up SSL (Let's Encrypt) on nginx for Citadel

  1. Change Citadel's HTTPS port to 2001 with the command

    dpkg-reconfigure citadel-webcit

  2. Install the Let's Encrypt SSL certificate by following the article https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
  3. Edit /etc/nginx/sites-enabled/citadel as follows:
    server {
    
            server_name domain.com citadel.domain.com;
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            include snippets/ssl-domain.com.conf;
            include snippets/ssl-params.conf;
    
            error_log /var/log/nginx/citadel-error.log;
            access_log /var/log/nginx/citadel-access.log;
    
            root /usr/share/citadel-webcit;
    # optional:
    #      listen 192.168.1.1:443
    # instead depending on your setup...
            # Main location
            location /webcit/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /listsub/ {
                proxy_pass         https://127.0.0.1:2001;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /groupdav/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /freebusy/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
    }

Sources:
http://www.citadel.org/doku.php/faq:installation:apacheproxy
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04


Installing a GeoTrust wildcard SSL certificate on Zimbra 8

Save the private key as /opt/zimbra/ssl/zimbra/commercial/commercial.key
Save the server certificate to the file /tmp/commercial.crt
Save the intermediate certificate as /tmp/ca_intermediate.crt

Get the contents of “Root 2 – GeoTrust Global CA” (PEM file) from https://www.geotrust.com/resources/root-certificates/# and save it as /tmp/global2.crt

    cat /tmp/ca_intermediate.crt /tmp/global2.crt /tmp/ca.crt > /tmp/ca_chain.crt

Verify the SSL certificate with

    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/commercial.crt /tmp/ca_chain.crt

Deploy the SSL certificate

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/commercial.crt /tmp/ca_chain.crt

Restart Zimbra

    su - zimbra
    zmcontrol restart
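
Both Zimbra procedures on this page verify the key, certificate and CA chain before deploying them. The same consistency check with plain openssl, as an added example that is not part of the original posts or of Zimbra's tooling; the function names (`pubkey_of`, `check_bundle`, `make_demo_pki`) and the demo certificate hierarchy are constructed for illustration, and an unencrypted private key is assumed:

```sh
#!/bin/sh
# Added example: offline pre-deployment check of key, certificate and CA chain.
# Every file name and subject below is constructed for this demo.

# Print the PEM public key held in a private key ("key") or a certificate ("cert").
pubkey_of() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null
}

# check_bundle KEY CERT CHAIN
# 0 = consistent, 1 = key does not match certificate,
# 2 = certificate does not verify against CHAIN, 3 = unreadable key or certificate.
check_bundle() {
    k=$(pubkey_of key "$1") && c=$(pubkey_of cert "$2") || return 3
    [ "$k" = "$c" ] || return 1
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1 || return 2
}

# Build a constructed root -> intermediate -> server hierarchy in directory $1.
make_demo_pki() (
    set -e
    cd "$1"
    exec >/dev/null 2>&1
    printf 'basicConstraints=CA:TRUE\n' > ca.ext
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj '/CN=Demo Root' \
        -keyout root.key -out root.crt
    openssl req -newkey rsa:2048 -nodes -subj '/CN=Demo Intermediate' \
        -keyout int.key -out int.csr
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -extfile ca.ext -days 2 -out int.crt
    openssl req -newkey rsa:2048 -nodes -subj '/CN=mail.example.test' \
        -keyout commercial.key -out commercial.csr
    openssl x509 -req -in commercial.csr -CA int.crt -CAkey int.key \
        -CAcreateserial -days 2 -out commercial.crt
    openssl genrsa -out other.key 2048
    cat int.crt root.crt > ca_chain.crt
)

# Demo run: matching key with full chain, wrong key, chain missing the intermediate.
d=$(mktemp -d) && make_demo_pki "$d"
for args in "commercial.key ca_chain.crt" "other.key ca_chain.crt" "commercial.key root.crt"; do
    set -- $args
    check_bundle "$d/$1" "$d/commercial.crt" "$d/$2" && rc=0 || rc=$?
    echo "key=$1 chain=$2 -> $rc"
done
```

A non-zero result from `check_bundle` means the files should not be handed to `deploycrt`; result 2 with a valid certificate usually points at a chain file that is missing an intermediate.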


SSL for ownCloud 8.0 on Debian 7

Generate a CSR with openssl on your PC.

    openssl genrsa -des3 -out owncloud_domain_com.key 2048
    openssl req -new -key owncloud_domain_com.key -out owncloud_domain_com.csr

After uploading the CSR and receiving the zip file from COMODO, unzip it, then build the chain certificate.

    cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt

Test with the self-signed SSL certificate first.

    a2enmod ssl
    a2ensite default-ssl
    service apache2 restart

If that works, continue:

Upload bundle.crt to /etc/apache2/ssl.crt/

Upload owncloud_domain_com.key to /etc/ssl/private/

Upload owncloud_domain_com.crt to /etc/ssl/certs/

Example of the lines changed in /etc/apache2/sites-enabled/default-ssl

    SSLCertificateFile /etc/ssl/certs/owncloud_domain_com.crt
    SSLCertificateKeyFile /etc/ssl/private/owncloud_domain_com.key
    SSLCertificateChainFile /etc/apache2/ssl.crt/bundle.crt

Also add the following setting to mitigate POODLE

    SSLProtocol All -SSLv2 -SSLv3

Restart apache2

    service apache2 restart


Apache Notes #1

Adding the option to access a website over SSL (HTTPS)

*The following technique was carried out on Debian GNU/Linux 5

  1. Install the Apache HTTPD package

    aptitude install apache2

  2. Create the public and private SSL certificate (the lazy way)

    make-ssl-cert generate-default-snakeoil
    cd /etc/ssl/
    cat private/ssl-cert-snakeoil.key certs/ssl-cert-snakeoil.pem > mykey.pem
    # mykey.pem contains the private key: make it readable by root only
    chmod 600 mykey.pem

  3. Enable the ssl module for Apache2

    a2enmod ssl

  4. Add the following to /etc/apache2/sites-enabled/000-default (example for HTTPS access to /var/www)

    <VirtualHost *:443>
    	DocumentRoot /var/www/
    	ErrorLog /var/log/apache2/error.log
    	CustomLog /var/log/apache2/access.log combined
    
    	SSLEngine On
    	SSLCertificateFile /etc/ssl/mykey.pem
    </VirtualHost>

  5. Restart the apache2 service

    /etc/init.d/apache2 restart