Diary of an IT Architect

Copypastable tutorials I wrote for my reference. You're welcome.

Once I've obtained free certificates from Let's Encrypt, preferrably with dehydrated on FreeBSD, I'm going to modify Postfix's config file so they can be used to secure SMTP traffic.

Continue reading...

Once I've obtained free certificates from Let's Encrypt, preferrably with dehydrated on FreeBSD, I'm going to modify Dovecot's config file so they can be used to secure POP and IMAP traffic.

Continue reading...

Once I've obtained free SSL certificates from Let's Encrypt, preferrably wildcard ones, as described in another article here at Mimar - Let's Encrypt Wildcard Certificates On FreeBSD With BIND DNS Validation - I'm going to combine them into single PFX file so it can be used by Microsoft Exchange to secure IMAP, SMTP, POP and IIS services.

Continue reading...

I have just updated my favourite XMPP server - ejabberd - from 17.01 to 17.04.

Continue reading...

As of ejabberd-17.11, configuration option certfile, which should point to combined PEM file which consists of private key, server certificate and intermediate certificate(s), was replaced with configuration option certfiles, which should point to directory which holds private key, server certificate, and intermediate certificate(s) in separate PEM files. Also, ca_file configuration option was introduced, which should point to "trusted root certificate bundle".

For ejabberd-17.11 and newer, configuration is similar to:

###   ======= CERTIFICATES ========   ###
certfiles:
  - "/etc/ssl/certs/live/mimar.rs/*.pem"
ca_file: "/usr/local/etc/ssl/cert.pem"

Continue reading...