Topics - kelderek

1
This appears to be working for me but I take no responsibility if it messes up your system.  Always make sure you have a good backup first!

Since I couldn't find a way to import my StartSSL/StartCOM certificate into Zentyal via web admin, I tinkered around on the command line and it appears you can do it one of two ways.  The first way is to create a cert for the CN you want in the web admin then just overwrite the files for it, and the second is to just add it to the CA's list of certificates directly in the filesystem.  I have no idea which is better, but it seems to me that adding at the GUI then overwriting is the safer bet in case there is something going on somewhere I didn't find.

Sorry if the writing is a bit terse, it is pretty late when I am posting this.  If it is unclear please let me know and I will try to fix it.  Anyway, here we go!

First create a certificate in web administration under Certification Authority->General using your CN (not including top level domain.  e.g. for mail.domain.com just use mail).  Since we are going to overwrite it the days to expire field doesn't strictly matter, but you should set it so it shows your real cert's expiration day for your reference.

Once that is done we need to drop to the command line.  I will assume you are at an admin prompt or a lot of these will need sudo in front of them.  The first thing we need to do is go to /var/lib/zentyal/CA and look at the index.txt file.  Find the line with your CN on it and look at the second number on the line.  That is the serial number of the cert you will be overwriting.

Copy your cert file to /var/lib/zentyal/CA/certs and name it <serial number used in index.txt>.pem
Change the ownership and set the permissions to match the other certs:
Code:
chmod 666 <serial>.pem
chown ebox:ebox <serial>.pem
Note: Make sure your <serial>.pem file ends on an empty line.  The one I got from StartSSL/StartCOM did not and it caused trouble when Zentyal tried to assign it to services.

Copy your private key file to /var/lib/zentyal/CA/private
Change owner and permissions again then remove the password from it with this command:
Code:
chmod 666 <CN>.pem
chown ebox:ebox <CN>.pem
openssl rsa -in <your key>.key -out <CN>.pem

Generate a public key and put it in the right folder:
Code:
openssl rsa -in <CN>.pem -pubout > ../keys/<CN>.pem
cd ../keys
chmod 666 <CN>.pem
chown ebox:ebox <CN>.pem

Create the p12 version and put it where it belongs.  When prompted for the export password don't use one, just hit enter:
Code:
cd ../p12
cat ../private/<CN>.pem ../certs/<serial>.pem > temp.pem
openssl pkcs12 -export -in temp.pem -out <CN>.p12
chown ebox:ebox <CN>.p12
rm temp.pem

You can now go back to web admin and assign the cert to your services under Certification Authority->Services Certificates.  Click the button in the action column to edit the service(s) you want and set the common name to the CN used at the beginning.  Check the enable box and click change, then save settings in the top right.  That should be it!

If you want to try adding directly from the command line and not overwriting a cert just add your own line to index.txt.  It seemed to work just as well and I didn't even have to restart any services.  That being said I will reiterate that it is probably a less safe way to go as it is more prone to error and might not do something else the web admin does when setting up a cert.

Hopefully this is helpful to someone and will save them hours I just had to spend ;)
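
The index.txt lookup and the trailing-newline note from the post above, plus a check that the certificate and key belong together, as an added example that is not part of the original post. The function names are hypothetical and the sample index.txt entries are constructed.

```shell
#!/bin/sh
# Added example: checks to run before overwriting files under
# /var/lib/zentyal/CA. Function names are hypothetical.

# Print the serial of the valid (status V) entry for a CN. index.txt is
# tab-separated: status, expiry, revocation date, serial, file, subject DN.
serial_for_cn() {  # usage: serial_for_cn <index.txt> <CN>
    awk -F'\t' -v cn="$2" '
        $1 == "V" {
            n = split($6, rdn, "/")
            for (i = 1; i <= n; i++)
                if (rdn[i] == "CN=" cn) { print $4; exit }
        }' "$1"
}

# Succeed only if the file is non-empty and its last byte is a newline.
ends_with_newline() {
    [ -s "$1" ] && [ -z "$(tail -c 1 "$1")" ]
}

# Succeed only if the certificate and the private key share a public key.
cert_matches_key() {  # usage: cert_matches_key <cert.pem> <key.pem>
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample data (not from a real Zentyal system): a revoked "mail"
# entry, a look-alike CN, and the valid "mail" entry.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
{
    printf 'R\t250101000000Z\t240601000000Z\t02\tunknown\t/C=ES/O=Example/CN=mail\n'
    printf 'V\t270101000000Z\t\t03\tunknown\t/C=ES/O=Example/CN=mailman\n'
    printf 'V\t270101000000Z\t\t04\tunknown\t/C=ES/O=Example/CN=mail\n'
} > "$demo/index.txt"
printf '%s' '-----END CERTIFICATE-----' > "$demo/no_newline.pem"

echo "serial for CN=mail: $(serial_for_cn "$demo/index.txt" mail)"
ends_with_newline "$demo/no_newline.pem" || echo "no_newline.pem: add a final newline"
```

cert_matches_key needs the openssl binary and will prompt for the passphrase if the key is still encrypted.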

2
Installation and Upgrades / [HOWTO] Mailman and Zentyal 4.0
« on: February 11, 2015, 07:51:13 am »
I wanted to get mailman working with Zentyal 4.0 so I could have full mailing list/listserv support.  I found this thread: https://forum.zentyal.org/index.php?topic=6671.0 which provided an excellent starting point but was for an older version of Zentyal, apache, etc.  Below are G2LOQ's instructions that I modified for the current version. 

As of the time of this posting Zentyal was at 4.0.5, Apache was 2.4.7 and apt-get installed mailman 2.1.16.

This seems to be working for me so far but my configuration is pretty simple.  I am just using Zentyal for OpenChange and Jabber.  In particular there was a lot of talk in that thread about Zarafa potentially being a problem, but I am not running it.  Good luck and please post any problems with the instructions below.  Thanks!

Note: Zentyal updates may overwrite /usr/share/zentyal/stubs/mail/main.cf.mas, requiring you to re-do the changes.

First of all, install the mailman package:
Code:
$ sudo apt-get install mailman
Create the required mailman list:
Code:
$ sudo newlist mailman
Check your mailman installation (check permission file):
Code:
$ cd /usr/lib/mailman
$ sudo bin/check_perms -f

Create the file /etc/apache2/conf.available/mailman-apache.conf
Code:
#------------------------------------------------------------
# mailman
#------------------------------------------------------------
# We can find mailman here
Alias /cgi-bin/mailman /usr/lib/cgi-bin/mailman
# And the public archives:
Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /mailman/public /var/lib/mailman/archives/public
# Logos:
Alias /images/mailman/ /usr/share/images/mailman/
# Redirect to mailman start page
RedirectMatch ^/mailman[/]*$ /cgi-bin/mailman/listinfo

<Directory /usr/lib/cgi-bin/mailman>
    Options +ExecCGI
    SetHandler cgi-script
    AllowOverride None
    Require all granted
</Directory>

<Directory /var/lib/mailman/archives/public>
    Options Indexes Includes FollowSymLinks
    Require all granted
</Directory>

<Directory /usr/share/images/mailman/>
    AllowOverride None
    Require all granted
</Directory>

Tell Apache to enable the new configuration and allow cgi with these commands:
Code:
$ sudo a2enconf mailman-apache.conf
$ sudo a2enmod cgid

Next, modify mailman configuration in /etc/mailman/mm_cfg.py:
Code:
DEFAULT_EMAIL_HOST = 'domain.com'
DEFAULT_URL_HOST   = 'domain.com'
[...]
MTA='Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['domain.com']

Postfix must now be informed that we're going to use mailman. We have to modify /usr/share/zentyal/stubs/mail/main.cf.mas
Code:
[...]
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
[...]
virtual_alias_maps = ldap:valiases, hash:/var/lib/mailman/data/virtual-mailman
[...]
# Mailman
owner_request_special = no
mailman_destination_recipient_limit = 1

Force the templates to be redeployed by restarting Mail on the Zentyal dashboard.

You can now create your own mailing list via the web interface (https://domain.com/mailman) or with newlist on the command line.
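
A drift check for the note above that Zentyal updates may overwrite main.cf.mas, as an added example that is not part of the original post. The function names are hypothetical, the sample template is constructed, and only single-line `name = value` settings are recognised.

```shell
#!/bin/sh
# Added example: detect when an update has reset the Mailman edits in the
# Postfix template. Function names are hypothetical.

# has_setting <file> <parameter> <token that must appear in its value>
# Values are split on spaces, tabs and commas and compared token by token,
# so "10" does not satisfy a required "1".
has_setting() {
    awk -v key="$2" -v want="$3" '
        $0 ~ ("^" key "[ \t]*=") {
            n = split(substr($0, index($0, "=") + 1), tok, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (tok[i] == want) found = 1
        }
        END { exit !found }' "$1"
}

# Print the parameters from the post that are absent or lack the Mailman value.
missing_mailman_settings() {  # usage: missing_mailman_settings <main.cf.mas>
    missing=""
    while IFS='|' read -r key want; do
        has_setting "$1" "$key" "$want" || missing="$missing $key"
    done <<'EOF'
alias_maps|hash:/var/lib/mailman/data/aliases
alias_database|hash:/var/lib/mailman/data/aliases
virtual_alias_maps|hash:/var/lib/mailman/data/virtual-mailman
owner_request_special|no
mailman_destination_recipient_limit|1
EOF
    echo "${missing# }"
}

# Constructed sample: a template in which only some of the edits survived.
stub=$(mktemp)
trap 'rm -f "$stub"' EXIT
cat > "$stub" <<'EOF'
alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
virtual_alias_maps = ldap:valiases
owner_request_special = no
EOF
echo "missing: $(missing_mailman_settings "$stub")"
```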
