Diary of an IT Architect

Copypastable tutorials I wrote for my reference. You're welcome.

Once I've obtained free certificates from Let's Encrypt, preferably with dehydrated on FreeBSD, I'm going to modify Postfix's config file so they can be used to secure SMTP traffic.


Once I've obtained free certificates from Let's Encrypt, preferably with dehydrated on FreeBSD, I'm going to modify Dovecot's config file so they can be used to secure POP and IMAP traffic.


Once I've obtained free certificates from Let's Encrypt, preferably with dehydrated on FreeBSD, I'm going to combine them into a single PFX file so it can be used by Microsoft Exchange to secure IMAP, SMTP, POP and IIS services.


As of ejabberd-17.11, the configuration option certfile, which pointed to a combined PEM file consisting of the private key, server certificate and intermediate certificate(s), was replaced with the configuration option certfiles, which should point to a directory that holds the private key, server certificate and intermediate certificate(s) in separate PEM files. The ca_file configuration option was also introduced, which should point to the "trusted root certificate bundle".

For ejabberd-17.11 and newer, the configuration is similar to:

###   ======= CERTIFICATES ========   ###
certfiles:
  - "/etc/ssl/certs/live/mimar.rs/*.pem"
ca_file: "/usr/local/etc/ssl/cert.pem"


Contrary to StartSSL’s FAQ, it is now possible for authenticated users to submit certificate requests (CSRs) for client (S/MIME) certificates. However, certificates are issued in PEM format, while most browsers and mail clients prefer PKCS#12 format. This article describes the steps to create a private key and the corresponding certificate request, as well as how to create a PKCS#12 file after obtaining the signed client certificate.
