Secure Sockets Layer (SSL) enables the HTTP protocol to be secured. This page will show you how to configure SSL in Apache and SquirrelMail.
Generate a Private Key
Make sure you are logged in as the root user when doing steps below.
1. Generate a pass phrase protected private key using the command below. Provide a pass phrase when asked.
openssl genrsa -des3 -out localhost.key 1024
2. Remove the pass phrase protection using the command below. Provide the pass phrase when asked.
openssl rsa -in localhost.key -out localhost.key
3. Type in the command below to ensure that the private key will be readable by the root user only.
chmod 400 localhost.key
Generate a Certificate
1. Generate a certificate signing request by typing in the command below and filling in your host information.
openssl req -new -key localhost.key -out localhost.csr
Signing options
- For a publicly accessible site, have it signed by a reputable third party like Verisign
- For Active Directory intranets, you can sign it using the Microsoft Certificate Services. Learn how to submit a certificate request to the Microsoft Certificate Services.
- For intranets or testing sites, you can sign it yourself.
To self sign your certificate request, type in the command below.
openssl x509 -req -days 365 -in localhost.csr
-signkey localhost.key -out localhost.crt
Configuring Apache for SSL
1. Move the file localhost.key into /etc/pki/tls/private/
mv localhost.key /etc/pki/tls/private/
2. Place the certificate file into /etc/pki/tls/certs/ and name the file as localhost.crt. The command below applies to self-signed certificate only.
mv localhost.crt /etc/pki/tls/certs/
3. Edit the file /etc/httpd/conf.d/ssl.conf and edit the lines below.
DocumentRoot = /usr/share/squirrelmailReplace mail.acme.local with your server name.
ServerName = mail.acme.local:443
5. Try accessing SquirrelMail using https instead of http.
You can force browsers to always use the SSL version. See Relocating SquirrelMail into the domain root.REFERENCE
http://www.linuxmail.info/securing-squirrelmail-using-ssl/
