Tuesday, February 5, 2013

Apache with ssl

For a homepage I want HTTPS access with Apache.
This is the way I solved it:

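mkdir /etc/apache2/myssl
cd /etc/apache2/myssl
# create a new private key (written to privkey.pem) and a certificate request
openssl req -new > server.cert.csr
# write the key without a passphrase (keep this file readable by root only)
openssl rsa -in privkey.pem -out server.cert.key
# self-sign the request; the certificate is valid for 365 days
openssl x509 -in server.cert.csr -out server.cert.crt -req -signkey server.cert.key -days 365
nano /etc/apache2/ports.conf
nano /etc/apache2/httpd.conf
a2enmod ssl
/etc/init.d/apache2 force-reload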

This is the code I added to the httpd.conf:

<VirtualHost ******:443>
ServerName ******
SSLEngine on
SSLCertificateKeyFile /etc/apache2/myssl/server.cert.key
SSLCertificateFile /etc/apache2/myssl/server.cert.crt
</VirtualHost>

And this I added to the ports.conf:

Listen 443 http

So that the site is found correctly, I had to modify / create the

DocumentRoot /var/www

In the file /etc/apache2/sites-available/default-ssl I had to change the file paths like this:

SSLCertificateKeyFile /etc/apache2/myssl/server.cert.key
SSLCertificateFile /etc/apache2/myssl/server.cert.crt

Finally, I activate and reload the changes:
a2enmod ssl
/etc/init.d/apache2 restart

Error with fetchmail and ssl certificate

After adding a new POP3 mail server to my .fetchmailrc, I get these errors in my logfile with every mail exchange:

Jan 20 01:57:35 server2 fetchmail[27210]: Warnung: Die Verbindung ist unsicher, mache trotzdem weiter. (Nehmen Sie lieber --sslcertck!)
Jan 20 01:57:35 server2 fetchmail[27210]: Fehler bei Server-Zertifikat-Überprüfung: self signed certificate

There is an SSL problem when retrieving the mails.
To solve this, I first look at which SSL fingerprints the POP3 server has.
For this I start fetchmail from the shell:
fetchmail -v -f /etc/.fetchmailrc

Then I add the fingerprints shown to my .fetchmailrc.
After every user I put this line:
options ssl sslfingerprint "00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00"
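
The fingerprint printed by fetchmail -v is whatever the server presented on that connection, so it is worth comparing it with the certificate file obtained from the mail server's operator before pinning it. The script below is an added example, not part of the original post: it computes a certificate's MD5 fingerprint in the upper-case, colon-separated notation that sslfingerprint uses and checks it against the pins in a fetchmailrc. The function names, the host pop3.example.test and the user alice are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): check a certificate file
# against the sslfingerprint values pinned in a fetchmailrc.

# Print the certificate's MD5 fingerprint as upper-case, colon-separated
# hex, the notation fetchmail's sslfingerprint option uses.
cert_md5_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -md5 2>/dev/null |
        sed 's/^[^=]*=//'
}

# List every fingerprint pinned in the given fetchmailrc, one per line.
pinned_fingerprints() {
    sed -n 's/.*sslfingerprint[[:space:]]*"\([0-9A-F:]*\)".*/\1/p' "$1"
}

# Exit status 0: fingerprint is pinned; 1: not pinned; 2: unreadable cert.
cert_is_pinned() {
    fp=$(cert_md5_fingerprint "$1")
    [ -n "$fp" ] || return 2
    pinned_fingerprints "$2" | grep -qxF "$fp"
}

# Constructed demo: a throwaway self-signed certificate and rc file in a
# temp directory (host name and user are made up).
demo() {
    dir=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=pop3.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 2
    fp=$(cert_md5_fingerprint "$dir/cert.pem")
    printf 'poll pop3.example.test proto pop3 user "alice"\n' > "$dir/rc"
    printf 'options ssl sslfingerprint "%s"\n' "$fp" >> "$dir/rc"
    cert_is_pinned "$dir/cert.pem" "$dir/rc"; rc=$?
    echo "fingerprint $fp, pin check exit status $rc"
    rm -rf "$dir"
    return "$rc"
}

case "${1:-}" in
    --demo) demo ;;
    "")     ;;  # no arguments: only define the functions
    *)      cert_is_pinned "$1" "$2" && echo "pinned" || echo "NOT pinned" ;;
esac
```

Run it with --demo for the constructed case, or with a certificate file and the path of the fetchmailrc as the two arguments.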