Author Topic: HOWTO: Make the most use of your RapidSSL-cert!  (Read 3705 times)

Beliaz

HOWTO: Make the most use of your RapidSSL-cert!
« on: August 02, 2013, 11:54:43 am »
I've ordered a certificate for my domain from RapidSSL that I want to use on all the services on my server.
This is what I've done so far...:
  • Created a CSR by running these commands:
    openssl req -new -nodes -keyout www.domainname.tld.key -out www.domainname.tld.csr -newkey rsa:2048
    cat www.domainname.tld.csr
  • Copied the CSR and ordered my certificate from http://www.rapidssl.com/buy-ssl/ssl-certificate/
  • When I received my cert by mail, I saved it as www.domainname.tld.crt.
  • Downloaded the RapidSSL Intermediate CA from https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548. Chose Bundled CA Version (PEM) and saved it as intermediate.crt.
  • Changed the "Administration interface TCP port" at System --> General to 444
  • Enabled all certificates in Certification Authority --> Services Certificates
  • Enabled "Listening SSL port" in Web Server. Also changed SSL Support for my domain www.domainname.tld to "Force SSL"
  • Copied www.domainname.tld.crt, www.domainname.tld.key and intermediate.crt to /etc/apache2/ssl/ and chmodded them to 400
  • Replaced all occurrences of SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile in /usr/share/zentyal/stubs/webserver/default-ssl.mas with these values:
    SSLCertificateFile      /etc/apache2/ssl/www.domainname.tld.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/www.domainname.tld.key
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt

  • Replaced all occurrences of SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile in /usr/share/zentyal/stubs/webserver/vhostHttps.mas with these values:
    SSLCertificateFile      /etc/apache2/ssl/www.domainname.tld.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/www.domainname.tld.key
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
  • Commented out all occurrences of SSLCertificateFile and SSLCACertificatePath in /usr/share/zentyal/stubs/core/apache.mas and replaced each occurrence with these values:
    SSLCertificateFile      /etc/apache2/ssl/www.domainname.tld.crt
    SSLCertificateKeyFile   /etc/apache2/ssl/www.domainname.tld.key
    SSLCertificateChainFile /etc/apache2/ssl/intermediate.crt
  • Restarted all services with:
    /etc/init.d/zentyal restart
Now I can safely:
I suppose all I have to do when the certificate expires is to use my original CSR and renew at RapidSSL and then replace /etc/apache2/ssl/www.domainname.tld.crt with the new cert and restart the zentyal service?!

TODO:
  • Using SSL with the Zarafa Outlook Plug-In does not work. (I see there are references to ssl in /usr/share/zentyal/stubs/zarafa/*.cfg.mas but what should I enter to be able to use my cert?)
  • Use SSL with FTP. (I don't use FTP personally, but for this post to be a complete reference, please give advice)
  • Use SSL with User Corner. (I don't use User Corner personally, but for this post to be a complete reference, please give advice)
  • Use SSL with POP3 and IMAP. (I don't use POP3 or IMAP personally, but for this post to be a complete reference, please give advice)
  • If you know of any usage of SSL on a Zentyal server that I have forgotten to mention, feel free to comment...

If there is something in my guide you feel I could have done in a better way, please comment. When this guide is complete I think it would belong in the Documentation or Wiki.

/ Bengt-Erik
« Last Edit: August 02, 2013, 12:25:02 pm by Beliaz »
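
A consistency check for the three files from the post, to run before `/etc/init.d/zentyal restart` and again after a renewal. This is an added example, not part of the original post or of Zentyal; `check_cert_bundle` is a hypothetical helper name and the 30-day expiry threshold is an assumption.

```shell
#!/bin/sh
# usage: check_cert_bundle KEY CRT CHAIN [CSR]
# e.g.   check_cert_bundle /etc/apache2/ssl/www.domainname.tld.key \
#            /etc/apache2/ssl/www.domainname.tld.crt /etc/apache2/ssl/intermediate.crt
check_cert_bundle() {
    key=$1; crt=$2; chain=$3; csr=${4:-}; rc=0

    # 1. SSLCertificateFile and SSLCertificateKeyFile must hold the same
    #    public key; a mismatch keeps Apache from starting the SSL vhost.
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || kpub=
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || cpub=
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: $crt does not match $key"; rc=1
    fi

    # 2. Optional: a CSR reused for renewal must come from the same key,
    #    otherwise the renewed certificate will not fit the installed key.
    if [ -n "$csr" ]; then
        rpub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || rpub=
        [ -n "$rpub" ] && [ "$rpub" = "$kpub" ] ||
            { echo "FAIL: $csr was not generated from $key"; rc=1; }
    fi

    # 3. SSLCertificateChainFile must contain the CA that issued the
    #    certificate. -partial_chain accepts that CA as the anchor, so the
    #    check needs no root store and no network access.
    openssl verify -partial_chain -CAfile "$chain" "$crt" 2>/dev/null |
        grep -q ': OK$' ||
        { echo "FAIL: $crt is not issued by a CA in $chain"; rc=1; }

    # 4. Warn early about renewal: 2592000 s = 30 days (assumed threshold).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: $crt expires within 30 days or is unreadable"; rc=1; }

    # 5. The private key should be mode 400, as set in the post.
    [ -n "$(find "$key" -maxdepth 0 -perm 400 2>/dev/null)" ] ||
        { echo "FAIL: $key is not mode 400"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: key, certificate and chain are consistent"
    return "$rc"
}

# Run directly when called with at least KEY CRT CHAIN.
if [ "$#" -ge 3 ]; then check_cert_bundle "$@"; fi
```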