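[FreeBSD] Problem with the HTTPS configuration for extmail, please help, thanks!

Posted on 2009-01-07 18:00
System: FreeBSD7.1+postfix+sasl2+mysql+maildrop+Apache22+ExtMan+Extmail

With Foxmail I can send and receive mail over pop3/pop3s/smtp/smtps, and the web interface over http works too; only the https configuration fails. I have searched Google and Baidu for two days without finding the problem. Please give me some pointers, thanks!

I have gone through the TLS setup from the official tutorial no fewer than 5 times. The procedure is as follows: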

mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/local/openssl/openssl.cnf        .

Edit openssl.cnf and make sure the value of the dir parameter is /usr/local/etc/postfix/certs/CA

The information I entered is as follows:
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:mail.test.com
Email Address []:test@test.com

mail.test.com is the server name I am testing with.

The commands I ran are as follows:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem /usr/local/etc/postfix/certs/
cp mycert.pem /usr/local/etc/postfix/certs/
cp mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0

Two questions come up along the way; I answered Y to both.

Install and configure Apache
cd /usr/ports/www/apache22/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www WITH_MPM=worker WITHOUT_IPV6=yes WITH_THREADS=yes install clean
In the install options I added MySQL support.

Edit Apache's configuration file /usr/local/etc/apache22/httpd.conf so that Apache runs as vmail:vmail
User vmail
Group vmail

Configure HTTPS support
Copy the certificates to Apache's directory
mkdir /usr/local/etc/apache22/certs/
cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/

mail# cat /usr/local/etc/apache22/Includes/extmail.conf

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName mail.test.com
    DocumentRoot /usr/local/www/extmail/html/

    ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
    Alias /extmail /usr/local/www/extmail/html/
    ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
    Alias /extman "/usr/local/www/extman/html/"

    <Location "/extman/cgi">
        SetHandler cgi-script
        Options +ExecCGI
        AllowOverride All
    </Location>
    <Directory "/usr/local/www">
        AllowOverride None
        Options None
        Order allow,deny
        Allow from all
    </Directory>

#    SuexecUserGroup vmail vmail
</VirtualHost>

mail# cat /usr/local/etc/apache22/Includes/extmail-ssl.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

SSLPassPhraseDialog  builtin
SSLSessionCache        shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout  300
SSLMutex  file:/var/run/ssl_mutex

<VirtualHost _default_:443>

DocumentRoot "/usr/local/www/extmail/html"
ServerName mail.test.com:443

ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"

ServerAdmin test@test.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/local/etc/apache22/server.crt
#SSLCertificateKeyFile /usr/local/etc/apache22/server.key

SSLCertificateFile /usr/local/etc/apache22/certs/mycert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache22/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

#SuexecUserGroup vmail vmail
</VirtualHost>

mail# /usr/local/etc/rc.d/apache22 restart
Performing sanity check on apache22 configuration:
[Wed Jan 07 13:20:12 2009] [warn] Useless use of AllowOverride in line 16 of /usr/local/etc/apache22/Includes/extmail.conf.
Syntax OK
Stopping apache22.
Performing sanity check on apache22 configuration:
[Wed Jan 07 13:20:13 2009] [warn] Useless use of AllowOverride in line 16 of /usr/local/etc/apache22/Includes/extmail.conf.
Syntax OK
Starting apache22.
[Wed Jan 07 13:20:13 2009] [warn] Useless use of AllowOverride in line 16 of /usr/local/etc/apache22/Includes/extmail.conf.

Entering the URL: https://mail.test.com
The browser shows:
Opera
Forbidden

You don't have permission to access /extman/ on this server.

IE6.0
您无权查看该网页
您可能没有权限用您提供的凭据查看此目录或网页。

Please give me some pointers, thanks!

mail# cat /etc/rc.conf
ifconfig_le0="DHCP"
inetd_enable="YES"
sshd_enable="YES"
sendmail_enable="NONE"
keymap="us.iso"
hostname="mail.test.com"
mysql_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
postfix_enable="YES"
accf_data_load="YES"
accf_http_load="YES"
apache22_enable="YES"
apache22_http_accept_enable="YES"
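
An added example, not part of the original post: the `:80` vhost above carries a `<Directory "/usr/local/www">` block with `Allow from all`, while the `:443` vhost has none, and `<Directory>` blocks inside a `<VirtualHost>` apply only to that vhost. The script below checks each vhost for served paths that no such block opens. The function name `ungranted_paths` and the reduced sample config are constructed here, and the check assumes the main httpd.conf denies access to `<Directory />` by default, which the post does not show.

```python
import re

# Constructed sample: the two vhosts from the post, reduced to the
# directives that decide filesystem access (Apache 2.2 syntax).
SAMPLE = '''
<VirtualHost *:80>
    DocumentRoot /usr/local/www/extmail/html/
    Alias /extman "/usr/local/www/extman/html/"
    <Directory "/usr/local/www">
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>
<VirtualHost _default_:443>
    DocumentRoot "/usr/local/www/extmail/html"
    Alias /extman "/usr/local/www/extman/html/"
    <Directory "/usr/local/www/apache22/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
'''

VHOST = re.compile(r'<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>', re.S | re.I)
DIRBLK = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
TARGET = re.compile(r'^\s*(?:DocumentRoot|(?:Script)?Alias\s+\S+)\s+"?([^"\s]+)"?',
                    re.M | re.I)

def norm(path):
    # A trailing slash keeps /usr/local/www from matching /usr/local/wwwX.
    return path.rstrip('/') + '/'

def ungranted_paths(conf):
    """Map each vhost to the served paths that no <Directory> block
    inside that same vhost opens with 'Allow from all'."""
    report = {}
    for name, body in VHOST.findall(conf):
        granted = [norm(d) for d, inner in DIRBLK.findall(body)
                   if re.search(r'^\s*Allow\s+from\s+all\b', inner, re.M | re.I)]
        outside = DIRBLK.sub('', body)  # directives not nested in <Directory>
        served = sorted({norm(p) for p in TARGET.findall(outside)})
        report[name.strip()] = [p for p in served
                                if not any(p.startswith(g) for g in granted)]
    return report

if __name__ == '__main__':
    for vhost, paths in ungranted_paths(SAMPLE).items():
        print(vhost, '->', paths or 'all served paths granted')
```

Server-level `<Directory>` blocks in httpd.conf also apply to every vhost, so a path reported here is only unreachable if nothing outside the vhost grants it either.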