little DA + Apache + Dovecot + Exim SSL FAQ, Tested on CentOS 6

huglester

Hello,

So I've bought DA, and wanted to secure it with an SSL certificate. I bought one from a vendor. Here are the instructions on how to use this SSL cert on the DA panel, Apache, Dovecot and Exim.

# Firstly, we generate CSR certificate: (source: http://help.directadmin.com/item.php?id=256 )

cd /root
/usr/bin/openssl genrsa 2048 > private.key
/usr/bin/openssl req -new -key private.key

# after we provide the CSR, we will get the certificate file from our vendor...

# before moving certificates, we back up old DA certificate files:
mv /usr/local/directadmin/conf/cacert.pem /usr/local/directadmin/conf/cacert.pem.`date +'%Y-%m-%d.%H%M%S'`
mv /usr/local/directadmin/conf/cakey.pem /usr/local/directadmin/conf/cakey.pem.`date +'%Y-%m-%d.%H%M%S'`

# now we move the private key we generated for the CSR:
mv /root/private.key /usr/local/directadmin/conf/cakey.pem
# also we paste the certificate we got from the vendor
# into: /usr/local/directadmin/conf/cacert.pem

#now we fix permissions:
chown root:root /usr/local/directadmin/conf/cacert.pem
chmod 600 /usr/local/directadmin/conf/cacert.pem
chown root:root /usr/local/directadmin/conf/cakey.pem
chmod 600 /usr/local/directadmin/conf/cakey.pem

#from here, we are ready with protecting DirectAdmin.


#Apache configuration...:

# we back up old Apache certificates
mv /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.crt/server.crt.`date +'%Y-%m-%d.%H%M%S'`
mv /etc/httpd/conf/ssl.key/server.key /etc/httpd/conf/ssl.key/server.key.`date +'%Y-%m-%d.%H%M%S'`

#Link new certificates from DirectAdmin panel to Apache:
ln -s /usr/local/directadmin/conf/cacert.pem /etc/httpd/conf/ssl.crt/server.crt
ln -s /usr/local/directadmin/conf/cakey.pem /etc/httpd/conf/ssl.key/server.key

# Apache done.

# dovecot uses the apache certificate paths, so no need to bother with it.

# Exim:
# backing up old Exim certificates
mv /etc/exim.cert /etc/exim.cert.`date +'%Y-%m-%d.%H%M%S'`
mv /etc/exim.key /etc/exim.key.`date +'%Y-%m-%d.%H%M%S'`

# we can't link this, since exim needs read permission to the cert and key, and both are owned by root:root
# so we copy them, and change permissions:

cp /usr/local/directadmin/conf/cacert.pem /etc/exim.cert
chown mail:mail /etc/exim.cert
chmod 600 /etc/exim.cert

cp /usr/local/directadmin/conf/cakey.pem /etc/exim.key
chown mail:mail /etc/exim.key
chmod 600 /etc/exim.key

# Exim done


# restart services
/etc/init.d/httpd restart
/etc/init.d/dovecot restart
/etc/init.d/exim restart



Maybe such a post exists, but I did find it then :(
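
A pre-restart check for the steps in the post above, as an added example that is not part of the original post: it confirms each certificate carries the same public key as its private key, and that each key file has the owner the post sets and no group/other permissions. The function names and the throwaway demo pair are assumptions made for illustration; the paths and owners are the ones used in the post.

```shell
#!/bin/sh
# Added example: run before restarting httpd, dovecot and exim.

# pair_matches CERT KEY: 0 if both files carry the same public key,
# 1 if they differ, 2 if either file is missing or cannot be parsed.
pair_matches() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# key_is_private KEY OWNER: 0 only if KEY (symlinks followed) is owned by
# OWNER and grants nothing to group or other (600, 400, ...); 2 if missing.
key_is_private() {
    [ -f "$1" ] || return 2
    [ "$(stat -L -c '%U' "$1")" = "$2" ] || return 1
    case "$(stat -L -c '%a' "$1")" in *00) return 0 ;; *) return 1 ;; esac
}

# check_pair NAME CERT KEY OWNER: print one result line, return 0 if all pass.
check_pair() {
    if ! pair_matches "$2" "$3"; then echo "FAIL $1: cert/key mismatch or unreadable"; return 1; fi
    if ! key_is_private "$3" "$4"; then echo "FAIL $1: $3 needs owner $4, mode 600"; return 1; fi
    echo "OK   $1"
}

# check_live: the three pairs and owners used in the post above.
check_live() {
    rc=0; da=/usr/local/directadmin/conf
    check_pair directadmin "$da/cacert.pem" "$da/cakey.pem" root || rc=1
    check_pair apache /etc/httpd/conf/ssl.crt/server.crt /etc/httpd/conf/ssl.key/server.key root || rc=1
    check_pair exim /etc/exim.cert /etc/exim.key mail || rc=1
    return $rc
}

# make_demo_pair DIR: constructed throwaway key and self-signed cert
# (sample input only, not a vendor certificate).
make_demo_pair() {
    (umask 077 && openssl genrsa -out "$1/demo.key" 2048 2>/dev/null) &&
    openssl req -new -x509 -key "$1/demo.key" -subj /CN=demo.invalid -days 1 -out "$1/demo.crt" 2>/dev/null
}

if [ "${1:-}" = "live" ]; then
    check_live          # on the server, as root: sh check.sh live
else
    d=$(mktemp -d) && make_demo_pair "$d" && check_pair demo "$d/demo.crt" "$d/demo.key" "$(id -un)"
    rm -rf "$d"
fi
```

Run with the argument live as root on the server; without arguments it only exercises the checks on the constructed demo pair.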
 

nobaloney

We always welcome nice succinct How-Tos. Thanks. I've moved your submission to our How-To subforum, and slightly edited the subject; since it's no longer in a CentOS 6 subforum, I added the version information to the subject. If I misunderstood and it's been tested to work elsewhere as well, please let me know and I can modify the subject again.

Jeff
 

huglester

Hello,

Thanks for moving the post. I have not tested it with anything but CentOS, since it's my first install of DA.

If anyone has some improvements - please share :)
 

jojolafrite

It is a good inspiration, but for Apache 2.4, it has changed. I would like to say it is also possible to go to the DirectAdmin admin panel, at user level, select your main domain and click on SSL certificates,

1. then add your private, server certificate followed by all intermediate certificates.
2. Click on "use CA root certificate" and paste the CA certificate.

DirectAdmin will copy the certificates to the right files: server.crt, server.key and server.ca

It is important because if you follow the tutorial from huglester above, you may end up with Apache refusing to start up if you empty or delete the file server.ca
 