Create a page using HomeServer18A as a template
#contents()
Renewed the certificate of the mail server running on AWS.
*** (Reference) The certificate expiring this time [#s109f6aa]
[AWS] ubuntu:~/work$ openssl x509 -in /etc/ssl/certs/mai...
notBefore=Jul 21 00:00:00 2016 GMT
notAfter=Sep 27 23:59:59 2019 GMT
Issued on 2016/7/21, but &color(red){for some reason the expiry is 2019/9/27...
*** Certificate issuance procedure [#l2e2f7a9]
- &ref(cs1-0700310.txt);
------------------------------------------------------
Certificate information
------------------------------------------------------
Certificate number: cs1-0700310
Common name: mail.hmuna.com
CSR:
------------------------------------------------------
Domain control validation
------------------------------------------------------
Validation method: email
* email: email validation, http: file validation, cname: DNS validation
Approver email address: admin@hmuna.com
* This item is not shown when the validation method is file validation.
------------------------------------------------------
Other
------------------------------------------------------
Certificate delivery address: public_mail@hmuna.com
*** Purchasing the certificate [#ye9b9589]
The certificate issuing company's name: from  [["SSLストア":https://www.ssl...
- &ref(20190714_state.jpg);
*** Checking the correspondence between the key file and the CSR file (CSR ...
- Modulus information of the private key
[AWS] ubuntu:~/.ssh/work$ sudo openssl rsa -in .key -text
Private-Key: (2048 bit)
modulus:
00:be:c7:f2:73:e9:59:4d:60:0f:29:e0:7c:58:ad:
6d:3f:e7:f6:6f:42:d6:22:7b:da:01:ee:76:75:42:
fa:a0:3f:6a:6c:1c:b9:b6:bf:90:d7:c3:15:6b:05:
e5:22:4f:29:0b:17:4e:b5:a4:5c:32:40:10:ed:51:
1a:70:89:39:80:9c:6f:49:1c:99:61:25:39:f0:dc:
1a:03:6e:1f:1a:26:1a:f4:32:10:af:b0:31:fb:47:
e4:9b:33:5a:a4:6f:36:64:ad:c3:c4:e6:8a:75:bd:
d0:5a:5e:74:41:36:00:ce:7b:c7:55:88:64:ac:28:
a6:90:34:70:ae:22:bf:67:82:97:7a:20:63:06:fb:
c5:46:01:fe:47:e7:f5:d7:9b:34:e3:40:03:f3:fb:
8b:1e:84:ec:39:e0:ba:b7:28:cc:58:9b:70:5e:ce:
f6:8e:23:93:45:05:57:dd:76:05:5e:6d:f9:67:f3:
ea:73:3e:f7:f5:72:6f:44:01:c3:36:fd:08:82:c8:
fb:cd:da:a6:ae:4a:7f:72:4e:c9:16:f6:be:83:5d:
fb:2a:fa:0a:d0:fe:e0:e0:ac:38:97:b4:6a:59:b2:
e6:58:77:12:0f:3a:f3:90:bb:7c:c4:bf:e9:60:ee:
c5:a3:61:7e:64:a5:58:5d:bd:62:8b:21:0c:9c:81:
74:8d
publicExponent: 65537 (0x10001)
- Modulus information of the CSR (certificate request) file
[AWS] ubuntu:~/.ssh/work$ sudo openssl req -in .csr -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=JP, ST=Kanagawa, L=YOKOHAMA, O=IT adm...
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:be:c7:f2:73:e9:59:4d:60:0f:29:e0:...
6d:3f:e7:f6:6f:42:d6:22:7b:da:01:ee:...
fa:a0:3f:6a:6c:1c:b9:b6:bf:90:d7:c3:...
e5:22:4f:29:0b:17:4e:b5:a4:5c:32:40:...
1a:70:89:39:80:9c:6f:49:1c:99:61:25:...
1a:03:6e:1f:1a:26:1a:f4:32:10:af:b0:...
e4:9b:33:5a:a4:6f:36:64:ad:c3:c4:e6:...
d0:5a:5e:74:41:36:00:ce:7b:c7:55:88:...
a6:90:34:70:ae:22:bf:67:82:97:7a:20:...
c5:46:01:fe:47:e7:f5:d7:9b:34:e3:40:...
8b:1e:84:ec:39:e0:ba:b7:28:cc:58:9b:...
f6:8e:23:93:45:05:57:dd:76:05:5e:6d:...
ea:73:3e:f7:f5:72:6f:44:01:c3:36:fd:...
fb:cd:da:a6:ae:4a:7f:72:4e:c9:16:f6:...
fb:2a:fa:0a:d0:fe:e0:e0:ac:38:97:b4:...
e6:58:77:12:0f:3a:f3:90:bb:7c:c4:bf:...
c5:a3:61:7e:64:a5:58:5d:bd:62:8b:21:...
74:8d
Exponent: 65537 (0x10001)
Attributes:
a0:00
- key file = &ref(mail_hmuna_com_20190705.key);
- csr file = &ref(mail_hmuna_com_20190705.csr);
*** The issued certificate [#f838ebf2]
- &ref(mail_hmuna_com.zip);
-- Root CA Certificate - AddTrustExternalCARoot.crt
-- Intermediate CA Certificate - USERTrustRSAAddTrustCA.crt
-- Intermediate CA Certificate - SectigoRSADomainValidati...
-- Your PositiveSSL Certificate - mail_hmuna_com.crt
[AWS] ubuntu:~/work$ openssl x509 -in mail_hmuna_com.crt...
notBefore=Jul 5 00:00:00 2019 GMT
notAfter=Aug 4 23:59:59 2021 GMT
[AWS] ubuntu:~/work$ openssl x509 -in mail_hmuna_com.crt...
subject= /OU=Domain Control Validated/CN=mail.hmuna.com
- [[Positive SSL trusted logo (free):https://www.positive...
*** Checking the contents of the issued certificate &color(red){the modulus information ...
[AWS] ubuntu:~/.ssh/work$ openssl x509 -text < /etc/ssl/...
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6d:94:c2:22:45:c3:93:40:ec:f0:73:35:be:18:73...
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Greater Manchester, L=Salford, ...
Validity
Not Before: Jul 5 00:00:00 2019 GMT
Not After : Aug 4 23:59:59 2021 GMT
Subject: OU=Domain Control Validated, CN=mail.hm...
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:c9:59:4e:e6:c3:a5:91:8e:5b:ca:a4:...
7b:5c:74:8b:16:a1:ca:44:b7:8e:72:7e:...
32:fc:a4:10:ff:0c:0f:cd:63:0b:90:f0:...
45:0e:5b:e2:e0:74:e0:78:81:00:ba:1f:...
ef:c8:87:0c:fa:a5:da:5a:2f:91:3a:8d:...
72:30:5b:ef:20:4b:26:df:67:d2:4d:3f:...
38:2a:21:49:95:07:d5:5a:1a:62:67:0f:...
a5:8f:be:d1:4a:30:f6:63:94:b2:2d:b3:...
ce:76:74:6c:46:02:f8:e9:9c:cb:9e:93:...
c2:0d:2f:4a:cc:62:e4:02:43:84:09:9a:...
f1:3e:f9:8c:1d:9f:f5:3f:cc:0a:84:99:...
2a:08:7e:b1:2d:7b:d8:4d:a6:c9:03:71:...
53:91:c5:e5:f2:0d:7a:49:63:77:a4:5c:...
58:65:89:aa:62:69:28:10:78:45:07:ef:...
fa:7b:a6:80:19:67:6a:68:0f:d8:38:13:...
3d:f5:f4:df:37:f0:03:2c:b1:9c:be:c2:...
b2:31:fe:a5:a0:9f:7d:37:0a:38:6a:5a:...
8a:4d
Exponent: 65537 (0x10001)
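Comparing `-text` modulus dumps by eye, as in the sections above, is error-prone: on this page the key and CSR dumps begin `00:be:c7:f2` while the issued certificate's dump begins `00:c9:59:4e`. The following added example (not from the original page) hashes the modulus of each file and compares the digests. The function names, the file names and the `mail.example.test` subject are constructed for the demo, which generates throwaway keys and assumes RSA.

```shell
# Added example: confirm that a private key, a CSR and a certificate share one
# RSA modulus by comparing digests instead of reading `-text` dumps.

# Print the SHA-256 of the "Modulus=..." line. $1 = key|csr|crt, $2 = PEM file
modulus_fp() {
  local m
  case "$1" in
    key) m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) ;;
    csr) m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) ;;
    crt) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) ;;
    *)   return 2 ;;
  esac
  # A missing or unparsable file yields no output: fail instead of hashing "".
  [ -n "$m" ] || return 1
  printf '%s' "$m" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if key, CSR and certificate all carry the same modulus.
# $1 = private key, $2 = CSR, $3 = certificate
same_keypair() {
  local k c x
  k=$(modulus_fp key "$1") || return 1
  c=$(modulus_fp csr "$2") || return 1
  x=$(modulus_fp crt "$3") || return 1
  [ "$k" = "$c" ] && [ "$c" = "$x" ]
}

# Demo on constructed material: two throwaway key/CSR pairs (a, b) and a
# self-signed certificate made from pair a only.
demo() {
  local d n
  d=$(mktemp -d) || return 1
  for n in a b; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=mail.example.test" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/a.csr" -signkey "$d/a.key" -days 1 \
    -out "$d/a.crt" 2>/dev/null || return 1
  same_keypair "$d/a.key" "$d/a.csr" "$d/a.crt" && echo "a.key / a.csr / a.crt: match"
  # Installing b.key next to a.crt is the failure this check is meant to catch.
  same_keypair "$d/b.key" "$d/b.csr" "$d/a.crt" || echo "b.key / b.csr vs a.crt: MISMATCH"
  rm -rf "$d"
}
demo
```

Run `same_keypair` on the real files before pointing `ssl_key` and `ssl_cert` at them; a non-zero exit status means the certificate was issued for a different key.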
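*** Copying the required files to the mail server on AWS [#k749...
- Connecting to the mail server with ssh
-- ssh -i (private key) ubuntu@(public DNS name)
--- Private key : &ref(magu-tokyo-messenger.pem);
--- Account : ubuntu
--- Destination : ec2-13-114-88-171.ap-northeast-1.compute.ama...
- Uploading the certificate files to the AWS server with scp
-- scp -i (private key) (file to transfer) ubuntu@(public DNS name)&col...
- With scp, the merged intermediate certificate from the AWS server ...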
munakata@muna-E450:~/mail_cert_wk$ scp -i magu-tokyo-mes...
- Merging the site certificate and the intermediate certificates
-- &ref(ssl-bundle.crt);
[AWS] ubuntu:~/work$ cat mail_hmuna_com.crt USERTrustRSA...
-- [[Certificate Installation (Dovecot + Exim):https://su...
-- [[Dovecot SSL configuration:https://wiki.dovecot.org/S...
- Obtaining the key file
*** Checking the dovecot configuration on AWS (before the certificate renewal) [...
- The security settings are strict; only inside a sudo subshell ...
[AWS] ubuntu:/etc$ sudo sh -c "cd ./dovecot; doveconf -n"
# 2.2.22 (fe789d2): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.13 (7b14904)
# OS: Linux 4.4.0-1087-aws x86_64 Ubuntu 16.04.6 LTS ext4
auth_mechanisms = plain login
first_valid_uid = 150
last_valid_uid = 150
mail_gid = mail
mail_location = maildir:/var/vmail/%d/%n
mail_uid = vmail
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Trash {
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
postmaster_address = mail-admin@hmuna.com
protocols = " imap pop3"
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = mail
mode = 0666
user = vmail
}
}
ssl_ca = </etc/apache2/ssl.crt/mail_hmuna_com.ca-bundle ...
ssl_cert = </etc/ssl/certs/mail_hmuna_com.crt <--------...
ssl_cipher_list = ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDS...
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/mail_hmuna.key <-----------...
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
[AWS] ubuntu:/etc$
*** Updating the certificate on the AWS server [#pebbe393]
&color(red){To keep using the current dovecot configuration shown above, ...
- From the bundle file, the standalone certificate for mail.hmuna.com ...
- Private key (/etc/ssl/offocial_m3/mail_hmuna_com_20190705.ke...
- Server certificate (/etc/ssl/offocial_m3/mail_hmuna_com.csr...
- Intermediate certificate (/etc/ssl/offocial_m3/ssl-bundle.crt) → /etc...
*** Restarting the dovecot server [#i9c1f17d]
[AWS] ubuntu:~$ sudo service postfix stop
[AWS] ubuntu:~$ sudo service dovecot stop
[AWS] ubuntu:~$ sudo service postfix start
[AWS] ubuntu:~$ sudo service dovecot start
[AWS] ubuntu:~$ systemctl status dovecot.service
● dovecot.service - Dovecot IMAP/POP3 email server
Loaded: loaded (/lib/systemd/system/dovecot.service; ...
Active: active (running) since Sat 2019-07-27 09:12:2...
Docs: man:dovecot(1)
http://wiki2.dovecot.org/
Process: 30118 ExecStop=/usr/bin/doveadm stop (code=ex...
Process: 31311 ExecStart=/usr/sbin/dovecot (code=exite...
Main PID: 31314 (dovecot)
Tasks: 6
Memory: 3.4M
CPU: 28ms
CGroup: /system.slice/dovecot.service
├─31314 /usr/sbin/dovecot
├─31315 dovecot/anvil
├─31316 dovecot/log
├─31318 dovecot/config
├─31321 dovecot/auth
└─31322 dovecot/auth -w
Jul 27 09:12:20 ip-172-31-26-13 systemd[1]: Starting Dov...
Jul 27 09:12:20 ip-172-31-26-13 systemd[1]: dovecot.serv...
Jul 27 09:12:20 ip-172-31-26-13 dovecot[31314]: master: ...
Jul 27 09:12:20 ip-172-31-26-13 systemd[1]: Started Dove...