HOWTO: enable SSL (Secure Socket Layer) with Open Webmail (and your Web Site)
=============================================================================
by Thomas Chung (tchung AT openwebmail.org)
Last Updated: 2003-02-03

References:
RH71 Reference Guide (p167)
RH73 Customizaton Guide (p136-p140)

1) make sure you have mod_ssl and openssl installed in your redhat box

# rpm -q mod_ssl openssl (from RH73)
mod_ssl-2.8.12-2
openssl-0.9.6b-28

2) go to httpd config directory

# cd /etc/httpd/conf

3) remove the fake key and certificate that were generated during the installation with following command.

# rm ssl.key/server.key
# rm ssl.crt/server.crt

4) use following command to create your own key

# /usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key

Generating RSA private key, 1024 bit long modulus
.................................++++++
..++++++
e is 65537 (0x10001)

5) use following command to make sure the permissions are set correctly on your key.

# chmod 600 /etc/httpd/conf/ssl.key/server.key

6) use following command to create a self-signed certicate

# make testcert

You will see something similar to following and you will need to answer several questions

[root@www conf]# make testcert
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -x509 -days 365 -out /etc/httpd/conf/ssl.crt/server.crt
Using configuration from /usr/share/ssl/openssl.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:California
Locality Name (eg, city) []:Pasadena
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Open Webmail Project
Organizational Unit Name (eg, section) []:Thomas Chung
Common Name (eg, your name or your server's hostname) []:openwebmail.org
Email Address []:tchung@openwebmail.org
[root@www conf]#

7) Use following command to restart web server

# service httpd restart

8) Test your certicate from your browser

https:///cgi-bin/openwebmail/openwebmail.pl

9) You will see something similar to following

+----------------------------------------------------------+
| Website Certified by an Unknown Authority |
| |
| There is a problem with the certificate that identifies |
| "". Do you want to continue? |
| |
| The certificate was issued by a certificate authority |
| that Mozilla does not recognize |
| |
| [ View Certificate ] |
| |
| [ ] Remember this certificate permanently |
| |
| [ Continue ] [ Cancel ] [ Help ] |
+----------------------------------------------------------+

You can either just click on [ Continue ] button or
check on the box for "Remember..." then click on [ Continue ] button
to avoid this message in the future ( for about a year)