Line 10: |
Line 10: |
| | | |
| Obviously external DNS records have to support that URL ie you would usually setup a wildcard in external DNS records that makes *.yourmaindomain.com resolve to your server IP. | | Obviously external DNS records have to support that URL ie you would usually setup a wildcard in external DNS records that makes *.yourmaindomain.com resolve to your server IP. |
| + | |
| + | ====How to change your certificate==== |
| + | |
| + | Since SME version 7.1.3, the functionality to configure a Common Name in the certificate is included in the main SME packages and can be configured as follows: |
| + | |
| + | config setprop modSSL CommonName www.domain.com |
| + | expand-template /home/e-smith/ssl.crt/crt |
| + | expand-template /home/e-smith/ssl.key/key |
| + | signal-event domain-modify |
| + | signal-event email-update |
| + | |
| + | see this forum thread [http://forums.contribs.org/index.php?topic=33109.15] and bug report [http://bugs.contribs.org/show_bug.cgi?id=1689] |
| + | |
| + | ====How to set expiration time==== |
| + | |
| + | The SME self signed certificate is valid for one year, and is automatically renewed on the anniversary of the installation date of the SME server OS. |
| + | To specify how long your SME certificate will last for, do the following: |
| + | |
| + | cp /etc/e-smith/templates/home/e-smith/ssl.crt /etc/e-smith/templates-custom/home/e-smith/ssl.crt |
| + | nano -w /etc/e-smith/templates-custom/home/e-smith/ssl.crt |
| + | |
| + | change the value for KEYLIFEINDAYS on the first line to the number of days the certificate will remain valid for eg 1826 for 5 years. |
| + | |
| + | Save & exit by pressing the following keys at the same time |
| + | ctrl o |
| + | ctrl x |
| + | |
| + | Create a new self signed certificate, with the longer validity period. Replace the filenames below with the correct file/key names applicable to your server. |
| + | rm /home/e-smith/ssl.crt/servername.domain.com.crt |
| + | rm /home/e-smith/ssl.key/servername.domain.com.key |
| + | rm /home/e-smith/ssl.pem/servername.domain.com.pem |
| + | signal-event post-upgrade |
| + | signal-event reboot |
| + | |
| + | Install the new certificate into your browser. |
| + | |
| + | Also see http://wiki.contribs.org/Certificates_Concepts |
| | | |
| ===Commercial certificates=== | | ===Commercial certificates=== |