2015/05/01 on Yano's digital garage https://www.bravotouring.com/~yano/archives/2015/05/01/ Recent content in 2015/05/01 on Yano's digital garage Hugo en-us Fri, 01 May 2015 23:35:02 +0900 StartSSL更新 https://www.bravotouring.com/~yano/diary/it/20150501startssl.htm Fri, 01 May 2015 23:35:02 +0900 https://www.bravotouring.com/~yano/diary/it/20150501startssl.htm <p>4月26日に<blockquote>This mail is intended for the person who owns a digital certificate issued by the StartSSL™ Certification Authority (http://www.startssl.com/).<br/><br/>The Class 1, server certificate for mail.bravotouring.com and serial number 10XYZ29 (106XYZ) is about to expire in about two weeks. Please log into the StartSSL Control Panel at https://www.startssl.com/?app=12 and get a new certificate for this purpose.</blockquote>というメールが着信。</p> <table align="right" class="Landscape"> <tr> <td><img alt="プール開き" src="https://www.bravotouring.com/~yano/images/2015/20150501.jpg"/></td> </tr> <tr> <td class="PhotoMemo">大掃除の後はプール開き</td> </tr> </table> <p><a href="https://www.startssl.com/">StartSSL</a>から、<a href="https://www.bravotouring.com/~yano/diary/it/20150501startssl.htm">昨年5月に導入</a>した証明書が2週間後に切れるよ~という事だ。<a href="https://www.bravotouring.com/~yano/diary/it/20141120letsencrypt.htm">Let's Encrypt プロジェクト</a>の「2015 年の第二四半期の運用開始」が前倒しになる事を期待していたのだが、取り敢えず<a href="http://yanmoo.blogspot.jp/2013/04/startssl.html">StartSSL更新を行う</a>を参考に<a href="https://www.startssl.com/">StartSSL</a>で証明書を更新してみた。</p> <p>クライアント証明書とサーバ秘密鍵&証明書の更新を無事に終えたら、<a href="https://www.bravotouring.com/~yano/diary/it/20120508vps.htm">さくらのVPS</a>での設定変更。<a href="https://www.startssl.com/">StartSSL</a>で発行した秘密鍵を<span class="Path">/etc/ssl/private/2015.mail.bravotouring.com.key</span>、サーバ証明書を<span class="Path">/etc/ssl/certs/2015.ssl-cert-mail.bravotouring.com.pem</span>としてファイル化する。</p> <p>続いて<span class="Software">apache</span>の設定は<span class="Path">/etc/apache2/sites-available/mail.bravotouring.com.conf</span>の<blockquote cite="/etc/apache2/sites-available/mail.bravotouring.com.conf" class="Log"> <span class="Strong">SSLCertificateFile</span> <span class="Path">/etc/ssl/certs/2015.ssl-cert-mail.bravotouring.com.pem</span><br/> <span class="Strong">SSLCertificateKeyFile</span> <span class="Path">/etc/ssl/private/2015.mail.bravotouring.com.key</span></blockquote>が該当する。</p> <p>SMTPな<span class="Software">postfix</span>の設定が<span class="Path">/etc/postfix/main.cf</span>で、POP3な<span class="Software">dovecot</span>の設定が<span class="Path">/etc/dovecot/conf.d/01-dovecot-postfix.conf</span>だが、証明書類のファイルパスは共通なので <blockquote class="Log"> root@vps:/etc/ssl/private$ ll /etc/ssl/certs/ssl-cert-mail.pem /etc/ssl/private/ssl-mail.key<br/> lrwxrwxrwx 1 root root 66 May 1 23:30 /etc/ssl/certs/ssl-cert-mail.pem -> /usr/share/ca-certificates/startssl/2015.mail.bravotouring.com.pem<br/> lrwxrwxrwx 1 root root 30 May 1 23:28 /etc/ssl/private/ssl-mail.key -> 2015.mail.bravotouring.com.key </blockquote>としてシンボリックリンクを張り替えた後、<blockquote class="Log">$ sudo service postfix restart<br/>$ sudo service dovecot restart</blockquote>でOK。</p>