OS: Gentoo Linux
Services: Web (lighttpd), SMTP (postfix), IMAP/POP3 (courier-imap), FTP (Proftpd)
1. Generate your own certificate file. The steps are similar to those in the Apache2/SSL Certificates reference.
I am using CAcert.org for verification (because it is free, although browser acceptance of it is limited). For example, use this command to generate a CSR file:
$ openssl req -nodes -new -keyout private.key -out server.csr
Then submit the CSR to the CA to get the crt file for your request.
Note: After certification you will have several files, such as root.crt from CAcert and a crt file for your server from CAcert. Merge the crt file and the key file into a pem file with:
$ cat {server crt file} {server key file} > {server pem file}
That completes the preparation.
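A check worth running on the merged pem file before any service is pointed at it, as an added example that is not part of the original post: it confirms the file holds both a certificate and a key, that the two belong together, that the certificate has not expired, and that the unencrypted key (-nodes) is not readable by group or others. The names check_pem and make_demo are hypothetical, and make_demo self-signs a constructed certificate for mail.example.test as a stand-in for the CA's reply.

```shell
#!/bin/sh
# Added example: sanity-check a merged PEM (certificate + unencrypted key).

# check_pem FILE: prints a one-line verdict, returns 0 only if the file is usable.
check_pem() {
    pem=$1
    # The file must contain both blocks produced by the `cat` merge.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" || { echo "no certificate"; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" || { echo "no private key"; return 1; }
    # The public key derived from the private key must equal the one in the cert.
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || { echo "unreadable key"; return 1; }
    crt_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || { echo "unreadable certificate"; return 1; }
    [ "$key_pub" = "$crt_pub" ] || { echo "key does not match certificate"; return 1; }
    # Reject a certificate that has already expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null || { echo "certificate expired"; return 1; }
    # The key is unencrypted, so group and other permission bits must all be clear.
    case $(ls -l "$pem" | cut -c5-10) in
        ------) ;;
        *) echo "permissions too open"; return 1 ;;
    esac
    echo "ok"
}

# make_demo DIR: constructed test material (assumption: a self-signed
# certificate stands in for the crt file the CA would return).
make_demo() {
    dir=$1
    openssl req -nodes -new -newkey rsa:2048 -subj "/CN=mail.example.test" \
        -keyout "$dir/private.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/private.key" \
        -days 30 -out "$dir/server.crt" 2>/dev/null
    # umask 077 makes the merged file mode 600 from the moment it is created.
    ( umask 077; cat "$dir/server.crt" "$dir/private.key" > "$dir/server.pem" )
}

# Usage: sh check_pem.sh /path/to/server.pem
if [ $# -gt 0 ]; then check_pem "$1"; fi
```
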
2. For lighttpd (https): see Step #4 of Howto: Linux Lighttpd SSL (Secure Server Layer) Https Configuration And Installation.
All we need to do is add a section for the SSL port (443) and set up the cert files. For example:
$SERVER["socket"] == "[::]:443" {
    ssl.engine = "enable"
    ssl.pemfile = "{location for server pem file}"
    ssl.ca-file = "{location for cacert crt file}"
}
3. For Postfix (smtps): see Code Listing 6-1 of the Virtual Mailhosting System with Postfix Guide. The settings we need are, for example:
smtp_use_tls = yes
smtpd_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtpd_tls_key_file = {location for server key file}
smtpd_tls_cert_file = {location for server crt file}
smtpd_tls_CAfile = {location for cacert crt file}
4. For courier-imap (imaps, pop3s): see Courier IMAP SSL Server Certificate Installation and Configuration.
In the imapd-ssl and pop3d-ssl configuration files, we need to modify these two settings:
TLS_CERTFILE={location for server pem file}
TLS_TRUSTCERTS={location for cacert crt file}
5. For Proftpd (secure ftp): see FTP and SSL/TLS.
Add these settings to the configuration file:
TLSEngine on
...
TLSRSACertificateFile {location for server crt file}
TLSRSACertificateKeyFile {location for server key file}
6. Finally, almost all of the services now support SSL. You can verify the settings with openssl's s_client tool:
$ openssl s_client -connect {server ip}:{server port}
For example: 465 (ssmtp), 993 (imaps), 995 (pop3s). Enjoy it.