Aug 30 2010
 

By default, CentOS 5.x ships openssl-0.9.8e, which does not have the TLS extension needed for SNI support. This is a workaround for getting an nginx 0.8.48 RPM with TLS SNI enabled.

Step 1:

Download the OpenSSL source, for example openssl-0.9.8l, and extract it in /usr/src.

$ cd /usr/src
$ wget http://www.openssl.org/source/openssl-0.9.8l.tar.gz
$ tar xvzf openssl-0.9.8l.tar.gz

Step 2:

Download the nginx source RPM, for example nginx-0.8.49-1.el5.src.rpm.

$ wget http://centos.alt.ru/pub/nginx/0.8/RHEL/SRPMS/nginx-0.8.49-1.el5.src.rpm
$ rpm -Uvh nginx-0.8.49-1.el5.src.rpm

Move to the directory that contains the spec file and edit nginx.spec.

$ cd /path/to/rpm/SPECS/
$ vi nginx.spec


Dec 11 2009
 

It’s time to encrypt our SMTP transactions using TLS. TLS stands for Transport Layer Security; it encrypts the communication between two hosts.

As usual when building a Postfix RPM package, I recommend the tutorial on how to compile the Postfix source RPM at Simon J Mudd’s website.

When you are done compiling Postfix with TLS support, continue with these steps to create self-signed Postfix TLS certificates.

  • Certificates part

    # cd /etc/postfix
    # mkdir ssl
    # cd ssl
    # mkdir certs crl newcerts private
    # echo "01" > serial
    # cp /dev/null index.txt
    # cat /etc/pki/tls/openssl.cnf | sed -e 's/\/etc\/pki\/CA/\./' | sed -e 's/\.\/demoCA/\./' > openssl.cnf
    
    # openssl req -new -x509 -keyout private/cakey.pem -out cacert.pem -days 3650 -config openssl.cnf
    # openssl req -nodes -new -x509 -keyout newreq.pem -out newreq.pem -days 3650 -config openssl.cnf
    # openssl x509 -x509toreq -in newreq.pem -signkey newreq.pem -out tmp.pem
    
    # openssl ca -config openssl.cnf -policy policy_anything -out newcert.pem -infiles tmp.pem
    
    # cp cacert.pem /etc/postfix
    # grep -B 100 "END .*PRIVATE KEY" newreq.pem > /etc/postfix/key.pem
    # chmod 400 /etc/postfix/key.pem
    # cp newcert.pem /etc/postfix/cert.pem
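
A check to run once the three files are in place, as an added example that is not part of the original post: it confirms that key.pem is non-empty and not readable by group or others, that it belongs to cert.pem, and that cert.pem verifies against cacert.pem. The function name and return codes are this example's own; it assumes an RSA key, which is what the commands above produce.

```shell
#!/bin/sh
# Added example: sanity-check the files the procedure above leaves in
# /etc/postfix (cacert.pem, cert.pem, key.pem). The function name and the
# return codes are assumptions of this example, not part of Postfix.
check_postfix_tls() {
    dir=${1:-/etc/postfix}

    # An empty key.pem is what the grep step produces when its pattern
    # does not match the key footer in newreq.pem, so test for content.
    for f in cacert.pem cert.pem key.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done

    # key.pem is an unencrypted private key (req -nodes): no group or
    # other permission bits may be set (the page uses chmod 400).
    perms=$(ls -ld "$dir/key.pem" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "key.pem is accessible to group/others" >&2; return 2; }

    # The certificate and the private key must carry the same RSA modulus.
    cert_mod=$(openssl x509 -noout -modulus -in "$dir/cert.pem" 2>/dev/null)
    key_mod=$(openssl rsa -noout -modulus -in "$dir/key.pem" 2>/dev/null)
    [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ] ||
        { echo "key.pem does not match cert.pem" >&2; return 3; }

    # cert.pem must verify against the CA certificate. Match on the
    # printed verdict because old openssl releases exit 0 on failure.
    openssl verify -CAfile "$dir/cacert.pem" "$dir/cert.pem" 2>/dev/null |
        grep -q ': OK$' ||
        { echo "cert.pem does not verify against cacert.pem" >&2; return 4; }

    echo "ok: $dir"
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_postfix_tls "$1"
fi
```
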
    
