Changes

From SME Server
Jump to navigationJump to search
1,636 bytes added ,  16:07, 9 February 2014
Line 10: Line 10:     
Obviously external DNS records have to support that URL ie you would usually setup a wildcard in external DNS records that makes *.yourmaindomain.com resolve to your server IP.
 
Obviously external DNS records have to support that URL ie you would usually setup a wildcard in external DNS records that makes *.yourmaindomain.com resolve to your server IP.
 +
 +
====How to change your certificate====
 +
 +
Since SME version 7.1.3, the functionality to configure a Common Name in the certificate is included in the main SME packages and can be configured as follows:
 +
 +
config setprop modSSL CommonName www.domain.com
 +
expand-template /home/e-smith/ssl.crt/crt
 +
expand-template /home/e-smith/ssl.key/key
 +
signal-event domain-modify
 +
signal-event email-update
 +
 +
see this forum thread [http://forums.contribs.org/index.php?topic=33109.15] and bug report [http://bugs.contribs.org/show_bug.cgi?id=1689]
 +
 +
====How to set expiration time====
 +
 +
The SME self signed certificate is valid for one year, and is automatically renewed on the anniversary of the installation date of the SME server OS.
 +
To specify how long your SME certificate will last for, do the following:
 +
 +
cp /etc/e-smith/templates/home/e-smith/ssl.crt /etc/e-smith/templates-custom/home/e-smith/ssl.crt
 +
nano -w /etc/e-smith/templates-custom/home/e-smith/ssl.crt
 +
 +
change the value for KEYLIFEINDAYS on the first line to the number of days the certificate will remain valid for eg 1826 for 5 years.
 +
 +
Save & exit by pressing the following keys at the same time
 +
ctrl o
 +
ctrl x
 +
 +
Create a new self signed certificate, with the longer validity period. Replace the filenames below with the correct file/key names applicable to your server.
 +
rm /home/e-smith/ssl.crt/servername.domain.com.crt
 +
rm /home/e-smith/ssl.key/servername.domain.com.key
 +
rm /home/e-smith/ssl.pem/servername.domain.com.pem
 +
signal-event post-upgrade
 +
signal-event reboot
 +
 +
Install the new certificate into your browser.
 +
 +
Also see http://wiki.contribs.org/Certificates_Concepts
    
===Commercial certificates===
 
===Commercial certificates===

Navigation menu