StartSSLで証明書取得
参考
http://qiita.com/k-shogo/items/870b6d3939dd08da2de4
ルート証明書、中間証明書取得
$ cd /etc/pki/tls/certs/
$ wget https://www.startssl.com/certs/ca.pem
$ wget https://www.startssl.com/certs/sub.class1.server.ca.pem
Postfix
$ sudo vi /etc/postfix/main.cf
smtpd_use_tls = yes
smtpd_tls_cert_file = /etc/pki/tls/certs/startssl.crt
smtpd_tls_key_file = /etc/pki/tls/certs/server.key
smtpd_tls_CAfile = /etc/pki/tls/certs/ca.pem
startssl.crt、server.keyの名前は作成する際に任意につけたファイル名。
dovecot
$ sudo vi /etc/dovecot/conf.d/10-ssl.conf
ssl = yes
ssl_cert = </etc/pki/tls/certs/startssl.crt
ssl_key = </etc/pki/tls/certs/server.key
ssl_ca = </etc/pki/tls/certs/ca.pem
nginx
$ sudo cat startssl.crt sub.class1.server.ca.pem > /etc/nginx/conf/startssl_nginx.crt
$ sudo vi default.conf
server{
ssl on;
listen 443;
ssl_certificate /etc/pki/tls/certs/startssl_nginx.crt;
ssl_certificate_key /etc/pki/tls/certs/server.key;
}
startssl_nginx.crtの名前は作成する際に任意につけたファイル名。
参考
https://www.startssl.com/?app=42