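System: FreeBSD7.1+postfix+sasl2+mysql+maildrop+Apache22+ExtMan+Extmail
pop3/pop3s/smtp/smtps can send and receive mail with Foxmail, and the HTTP web interface works too; only HTTPS cannot be configured successfully. I have searched Google and Baidu for two days without finding the problem. Any pointers would be appreciated, thanks!
I have gone through the TLS setup from the official tutorial no fewer than 5 times, as follows: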
mkdir -p /usr/local/etc/postfix/certs/CA
cd /usr/local/etc/postfix/certs/CA
mkdir certs crl newcerts private
echo "01" > serial
touch index.txt
cp /usr/local/openssl/openssl.cnf .
Edit openssl.cnf and confirm that the value of the dir parameter is /usr/local/etc/postfix/certs/CA
The information entered is as follows:
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:BJ
Locality Name (eg, city) []:Bei Jing
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Extmail
Organizational Unit Name (eg, section) []:extmail
Common Name (eg, YOUR name) []:mail.test.com
Email Address []:test@test.com
mail.test.com is the server name I am testing with.
The commands executed are as follows:
openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
openssl req -nodes -new -x509 -keyout mykey.pem -out myreq.pem -days 3650 -config openssl.cnf
openssl x509 -x509toreq -in myreq.pem -signkey mykey.pem -out tmp.pem
openssl ca -config openssl.cnf -policy policy_anything -out mycert.pem -infiles tmp.pem
rm tmp.pem
cp cacert.pem /usr/local/etc/postfix/certs/
cp mycert.pem /usr/local/etc/postfix/certs/
cp mykey.pem /usr/local/etc/postfix/certs/
cd /usr/local/etc/postfix/certs/
chown root:wheel cacert.pem mycert.pem
chown root:postfix mykey.pem
chmod 755 cacert.pem
chmod 644 mycert.pem
chmod 440 mykey.pem
ln -s cacert.pem `openssl x509 -noout -hash < cacert.pem `.0
There are two prompts along the way; I answered Y to both.
Installing and configuring Apache
cd /usr/ports/www/apache22/ && make WITH_SUEXEC=yes SUEXEC_DOCROOT=/usr/local/www WITH_MPM=worker WITHOUT_IPV6=yes WITH_THREADS=yes install clean
I added MySQL support in the install options.
Modify the Apache configuration file /usr/local/etc/apache22/httpd.conf so that Apache runs with vmail:vmail privileges
User vmail
Group vmail
Configure HTTPS support
Copy the certificates to the Apache directory
mkdir /usr/local/etc/apache22/certs/
cp /usr/local/etc/postfix/certs/*.pem /usr/local/etc/apache22/certs/
mail# cat /usr/local/etc/apache22/Includes/extmail.conf
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mail.test.com
DocumentRoot /usr/local/www/extmail/html/
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
<Location "/extman/cgi">
SetHandler cgi-script
Options +ExecCGI
AllowOverride All
</Location>
<Directory "/usr/local/www">
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# SuexecUserGroup vmail vmail
</VirtualHost>
mail# cat /usr/local/etc/apache22/Includes/extmail-ssl.conf
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/run/ssl_scache(512000)
SSLSessionCacheTimeout 300
SSLMutex file:/var/run/ssl_mutex
<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/extmail/html"
ServerName mail.test.com:443
ScriptAlias /extmail/cgi /usr/local/www/extmail/cgi/
Alias /extmail /usr/local/www/extmail/html/
ScriptAlias /extman/cgi "/usr/local/www/extman/cgi/"
Alias /extman "/usr/local/www/extman/html/"
ServerAdmin test@test.com
ErrorLog /var/log/httpd-error.log
TransferLog /var/log/httpd-access.log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#SSLCertificateFile /usr/local/etc/apache22/server.crt
#SSLCertificateKeyFile /usr/local/etc/apache22/server.key
SSLCertificateFile /usr/local/etc/apache22/certs/mycert.pem
SSLCertificateKeyFile /usr/local/etc/apache22/certs/mykey.pem
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/usr/local/www/apache22/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/httpd-ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
#SuexecUserGroup vmail vmail
</VirtualHost>
mail# /usr/local/etc/rc.d/apache22 restart
Performing sanity check on apache22 configuration:
[Wed Jan 07 13:20:12 2009] [warn] Useless use of AllowOverride in line 16 of /usr/local/etc/apache22/Includes/extmail.conf.
Syntax OK
Stopping apache22.
Performing sanity check on apache22 configuration:
[Wed Jan 07 13:20:13 2009] [warn] Useless use of AllowOverride in line 16 of /usr/local/etc/apache22/Includes/extmail.conf.
Syntax OK
Starting apache22.
[Wed Jan 07 13:20:13 2009] [warn] Useless use of AllowOverride in line 16 of /usr/local/etc/apache22/Includes/extmail.conf.
Entering the URL: https://mail.test.com
The browser reports:
opera
Forbidden
You don't have permission to access /extman/ on this server.
IE6.0
您无权查看该网页
您可能没有权限用您提供的凭据查看此目录或网页。
Please give me some pointers, thanks!
mail# cat /etc/rc.conf
ifconfig_le0="DHCP"
inetd_enable="YES"
sshd_enable="YES"
sendmail_enable="NONE"
keymap="us.iso"
hostname="mail.test.com"
mysql_enable="YES"
courier_authdaemond_enable="YES"
courier_imap_pop3d_enable="YES"
courier_imap_imapd_enable="YES"
courier_imap_pop3d_ssl_enable="YES"
courier_imap_imapd_ssl_enable="YES"
postfix_enable="YES"
accf_data_load="YES"
accf_http_load="YES"
apache22_enable="YES"
apache22_http_accept_enable="YES"
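
An added example, not part of the original post: a `<Directory>` block placed inside one `<VirtualHost>` applies only to that virtual host, so a check worth running when the HTTP vhost works and the HTTPS vhost answers 403 is whether each vhost carries its own access grant for its DocumentRoot. The function names `audit_vhosts` and `sample_conf` are hypothetical, the sample input is constructed from the two Includes files quoted above, and the check assumes Apache 2.2 `Order`/`Allow` syntax and a main httpd.conf (not shown in the post) that denies access at `<Directory />`.

```shell
#!/bin/sh
# Added example (not from the original post). For each <VirtualHost>, report
# whether a <Directory> block inside that vhost grants access to its
# DocumentRoot using Apache 2.2 syntax ("Allow from all").

audit_vhosts() {
    # Reads Apache config from the files in "$@", or stdin when none are given.
    # Prints one line per vhost: <address> <DocumentRoot> grant=yes|no
    awk '
        /^[ \t]*<VirtualHost[ \t]/ {
            in_vh = 1; in_dir = 0; n = 0; root = "-"
            addr = $2; sub(/>$/, "", addr)
            next
        }
        in_vh && /^[ \t]*DocumentRoot[ \t]/ { root = $2; gsub(/"/, "", root) }
        in_vh && /^[ \t]*<Directory[ \t]/   { dir = $2; gsub(/[">]/, "", dir); in_dir = 1 }
        /^[ \t]*<\/Directory>/              { in_dir = 0 }
        in_dir && tolower($0) ~ /^[ \t]*allow[ \t]+from[ \t]+all/ { granted[++n] = dir }
        in_vh && /^[ \t]*<\/VirtualHost>/ {
            grant = "no"
            # Simple prefix match: does a granted directory contain DocumentRoot?
            for (i = 1; i <= n; i++) if (index(root, granted[i]) == 1) grant = "yes"
            print addr, root, "grant=" grant
            in_vh = 0
        }
    ' "$@"
}

sample_conf() {
    # Constructed sample, reduced from the two Includes files quoted in the post.
    cat <<'EOF'
<VirtualHost *:80>
DocumentRoot /usr/local/www/extmail/html/
<Directory "/usr/local/www">
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost _default_:443>
DocumentRoot "/usr/local/www/extmail/html"
SSLEngine on
<Directory "/usr/local/www/apache22/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
EOF
}

sample_conf | audit_vhosts
```

Against the real files it would be called as `audit_vhosts /usr/local/etc/apache22/Includes/*.conf`; a vhost reported with `grant=no` relies entirely on whatever the main httpd.conf allows for that path.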