Saturday, January 23, 2010

Securing SquirrelMail using SSL

SkyHi @ Saturday, January 23, 2010

Secure Sockets Layer (SSL) enables the HTTP protocol to be secured. This page will show you how to configure SSL in Apache and SquirrelMail.

Generate a Private Key

Make sure you are logged in as the root user when performing the steps below.

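1. Generate a pass phrase protected private key using the command below. Provide a pass phrase when asked. The key size is set to 2048 bits because 1024-bit RSA is no longer considered adequate and public CAs do not sign requests for shorter keys.
openssl genrsa -des3 -out localhost.key 2048
2. Remove the pass phrase protection using the command below. Provide the pass phrase when asked. Without this step Apache asks for the pass phrase on every start; the trade-off is that the key is then stored unencrypted, which is why the next step restricts its permissions.
openssl rsa -in localhost.key -out localhost.key
3. Type in the command below to ensure that the private key will be readable by the root user only.
chmod 400 localhost.key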

Generate a Certificate

1. Generate a certificate signing request by typing in the command below and filling in your host information.
openssl req -new -key localhost.key -out localhost.csr

Signing options

To self-sign your certificate request, type in the command below as a single line.
openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
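
Before the files are moved into place, it helps to confirm that the key is readable without a pass phrase, is private to its owner, and actually belongs to the certificate. The script below is an added example, not part of the original post; the function names check_tls_pair and make_sample_pair are hypothetical, the 2048-bit minimum is an assumption that can be overridden with a third argument, and the sample pair it generates is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: checks on the key/certificate pair before httpd is restarted.
# Usage: check_tls_pair KEY CRT [MIN_BITS]; returns 0 only if every check passes.
check_tls_pair() {
    key=$1; crt=$2; min_bits=${3:-2048}

    # "-passin pass:" makes a still-encrypted key fail here instead of prompting,
    # which is what would otherwise stall an unattended httpd start.
    kmod=$(openssl rsa -noout -modulus -passin pass: -in "$key" 2>/dev/null | sed 's/^Modulus=//')
    cmod=$(openssl x509 -noout -modulus -in "$crt" 2>/dev/null | sed 's/^Modulus=//')
    [ -n "$kmod" ] || { echo "FAIL: cannot read $key (missing or pass phrase protected)"; return 1; }
    [ -n "$cmod" ] || { echo "FAIL: cannot read certificate $crt"; return 1; }

    # Columns 5-10 of the ls mode string are the group and other bits; chmod 400 clears them.
    [ "$(ls -ldL "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible to group or other"; return 1; }

    # Each hex digit of the modulus carries 4 bits.
    bits=$(( ${#kmod} * 4 ))
    [ "$bits" -ge "$min_bits" ] ||
        { echo "FAIL: $bits-bit key is below the $min_bits-bit minimum"; return 1; }

    # A certificate issued for a different key makes httpd refuse to start.
    [ "$kmod" = "$cmod" ] ||
        { echo "FAIL: $crt does not belong to $key"; return 1; }

    echo "OK: $bits-bit key matches certificate, $(openssl x509 -noout -enddate -in "$crt")"
}

# Constructed sample input: a throwaway self-signed pair written to directory $1.
make_sample_pair() {
    openssl genrsa -out "$1/localhost.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/localhost.key" -subj "/CN=mail.acme.local" \
        -out "$1/localhost.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/localhost.csr" \
        -signkey "$1/localhost.key" -out "$1/localhost.crt" 2>/dev/null &&
    chmod 400 "$1/localhost.key"
}

tmp=$(mktemp -d) && make_sample_pair "$tmp" &&
    check_tls_pair "$tmp/localhost.key" "$tmp/localhost.crt"
rm -rf "$tmp"
```

Against the real files, run check_tls_pair localhost.key localhost.crt in the directory where they were generated.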

Configuring Apache for SSL

1. Move the file localhost.key into /etc/pki/tls/private/
mv localhost.key /etc/pki/tls/private/
2. Place the certificate file into /etc/pki/tls/certs/ and name the file localhost.crt. The command below applies to a self-signed certificate only.
mv localhost.crt /etc/pki/tls/certs/
3. Edit the file /etc/httpd/conf.d/ssl.conf and set the lines below. Apache directives take their value after a space, without an equals sign.
DocumentRoot "/usr/share/squirrelmail"
ServerName mail.acme.local:443
Replace mail.acme.local with your server name.
4. Restart the httpd service.
5. Try accessing SquirrelMail using https instead of http.