This is an old revision of the document!
After rebuilding Bud due to successful attacks, a number of suggestions were made, and some of them implemented to improve security:
groupadd –system wheel
from the Omnitec Wiki
Postfix and Apache both use the SSL certificates in /etc/ssl/ for secure communications and TLS authenication. The guide for creating the keys is at openssl.htm (http://www.nomoa.com/bsd/openssl.htm)
* Backup /etc/ssl/openssl.cnf to /etc/ssl/openssl.cnf.original and change/add defaults to be specific to SLUUG:
* Generate the private server key with passphrase.
openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
* Generate the certificate request with defaults from the modified openssl.cnf. For the "Common Name" enter the servers fqdn e.g. bud.sluug.org
openssl req -new -key /etc/ssl/private/<name>.key -out /etc/ssl/private/<name>.csr
Self sign the certificate request to produce the certificate.
openssl x509 -req -days 3650 -in /etc/ssl/private/<name>.csr -signkey /etc/ssl/private/<name>.key -out /etc/ssl/<name>.crt
Next copy the key and cert created to the /etc/ssl/private/postfix.key and /etc/ssl/postfix.crt and change group so postfix can read it.
cp /etc/ssl/private/server.key /etc/ssl/private/postfix.key cp /etc/ssl/postfix.crt /etc/ssl/postfix.crt chown :postfix /etc/ssl/private/postfix.key chown :postfix /etc/ssl/postfix.crt
openssl-keygen <Certificate Name>
==== Required ==== * Section Name: * Your name (Admin name): * Email (Admin Email):