[enh] not using apache.pem anymore: using /etc/ssl/*/alternc-*.pem|key

etc/alternc/templates/alternc/postfix/postfix-slave.cf

@@ -4,20 +4,36 @@ header_checks = regexp:/etc/postfix/header_checks
 body_checks = regexp:/etc/postfix/body_checks
 local_destination_concurrency_limit = 8
 default_destination_concurrency_limit = 10
+# TLS
 smtpd_use_tls = yes
-smtpd_tls_dcert_file = /etc/alternc/apache.pem
-smtpd_tls_dkey_file = $smtpd_tls_dcert_file
-smtpd_tls_CApath = /etc/ssl/certs/
-smtpd_tls_key_file =  $smtpd_tls_dcert_file
+smtpd_tls_dcert_file = /etc/ssl/certs/alternc-postfix.pem
+smtpd_tls_dkey_file = /etc/ssl/private/alternc-postfix.key
+smtpd_tls_key_file =  $smtpd_tls_dkey_file
 smtpd_tls_cert_file =  $smtpd_tls_dcert_file
+smtp_tls_dcert_file = $smtpd_tls_dcert_file
+smtp_tls_dkey_file = $smtpd_tls_dkey_file
+smtp_tls_cert_file = $smtpd_tls_dcert_file
+smtp_tls_key_file = $smtpd_tls_dkey_file
+smtpd_tls_CApath = /etc/ssl/certs/
+smtp_tls_CApath = $smtpd_tls_CApath
 smtpd_tls_loglevel = 0
 smtpd_tls_received_header = yes
 smtpd_tls_session_cache_timeout = 3600s
 smtp_use_tls = yes
-smtp_tls_dcert_file = $smtpd_tls_dcert_file
-smtp_tls_dkey_file = $smtpd_tls_dcert_file
-smtp_tls_CApath = $smtpd_tls_CApath
 smtpd_tls_auth_only = yes
+smtp_use_tls = yes
+smtp_tls_security_level = may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtp_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
+smtp_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4                                                                                            
+tls_preempt_cipherlist      = yes
+smtpd_tls_mandatory_ciphers = high
+smtp_tls_mandatory_ciphers = high
+smtpd_tls_ciphers           = high
+smtp_tls_ciphers           = high
+# SASL
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_local_domain = postfix
 smtpd_sasl_security_options = noanonymous

etc/alternc/templates/alternc/postfix/postfix.cf

@@ -22,18 +22,32 @@ smtpd_client_connection_rate_limit=50
 smtp_mx_session_limit = 1
 #### TLS options
 smtpd_use_tls = yes
-smtpd_tls_dcert_file = /etc/alternc/apache.pem
-smtpd_tls_dkey_file = $smtpd_tls_dcert_file
-smtpd_tls_CApath = /etc/ssl/certs/
-smtpd_tls_key_file =  $smtpd_tls_dcert_file
+smtpd_tls_dcert_file = /etc/ssl/certs/alternc-postfix.pem
+smtpd_tls_dkey_file = /etc/ssl/private/alternc-postfix.key
+smtpd_tls_key_file =  $smtpd_tls_dkey_file
 smtpd_tls_cert_file =  $smtpd_tls_dcert_file
+smtp_tls_dcert_file = $smtpd_tls_dcert_file
+smtp_tls_dkey_file = $smtpd_tls_dkey_file
+smtp_tls_cert_file = $smtpd_tls_dcert_file
+smtp_tls_key_file = $smtpd_tls_dkey_file
+smtpd_tls_CApath = /etc/ssl/certs/
+smtp_tls_CApath = $smtpd_tls_CApath
 smtpd_tls_loglevel = 0
 smtpd_tls_received_header = yes
 smtpd_tls_session_cache_timeout = 3600s
-smtp_tls_dcert_file = $smtpd_tls_dcert_file
-smtp_tls_dkey_file = $smtpd_tls_dcert_file
-smtp_tls_CApath = $smtpd_tls_CApath
 smtpd_tls_auth_only = no
+smtp_use_tls = yes
+smtp_tls_security_level = may
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtp_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
+smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
+smtp_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4                                                                                            
+tls_preempt_cipherlist      = yes
+smtpd_tls_mandatory_ciphers = high
+smtp_tls_mandatory_ciphers = high
+smtpd_tls_ciphers           = high
+smtp_tls_ciphers           = high
 #SASL options
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_local_domain = postfix
@@ -68,20 +82,3 @@ message_size_limit = 100000000
 virtual_mailbox_limit = 0
 mailbox_size_limit = 0
 enable_original_recipient = no
-smtp_tls_dcert_file = $smtpd_tls_dcert_file
-smtp_tls_dkey_file = $smtpd_tls_dcert_file
-smtp_tls_CAfile = $smtpd_tls_CAfile
-smtp_tls_key_file = $smtpd_tls_dcert_file
-smtp_tls_cert_file = $smtpd_tls_dcert_file
-smtp_use_tls = yes
-smtp_tls_security_level = may
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-smtpd_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
-smtp_tls_protocols = TLSv1, TLSv1.1, TLSv1.2
-smtpd_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4
-smtp_tls_exclude_ciphers = aNULL, DES, 3DES, MD5, DES+MD5, RC4                                                                                            
-tls_preempt_cipherlist      = yes
-smtpd_tls_mandatory_ciphers = high
-smtp_tls_mandatory_ciphers = high
-smtpd_tls_ciphers           = high
-smtp_tls_ciphers           = high

etc/alternc/templates/dovecot/conf.d/95_alternc.conf

@@ -157,9 +157,7 @@ ssl = yes
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root.
 #ssl_cert = </etc/dovecot/dovecot.pem
-#ssl_cert_file = /etc/alternc/apache.pem
 #ssl_key = </etc/dovecot/dovecot.pem
-#ssl_key_file = /etc/alternc/apache.pem
 
 
 # ----------------------------------------------------------------------------

etc/alternc/templates/dovecot/conf.d/96_ssl.conf

@@ -1,5 +1,5 @@
 # Don't change this file, it will be overwriten by alternc.install.
 # Change ssl parameters in a file named 99_ssl.conf instead"
 
-ssl_cert = </etc/alternc/apache.pem
-ssl_key = </etc/alternc/apache.pem
+ssl_cert = </etc/ssl/certs/alternc-dovecot.pem
+ssl_key = </etc/ssl/private/alternc-dovecot.key

etc/alternc/templates/proftpd/proftpd.conf

@@ -128,8 +128,8 @@ TransferLog /var/log/proftpd/xferlog
        TLSRequired off
 
        # Server's certificate
-       TLSRSACertificateFile /etc/alternc/apache.pem
-       # TLSRSACertificateKeyFile /etc/ftpd/server.key.pem
+       TLSRSACertificateFile /etc/ssl/certs/alternc-proftpd.pem
+       TLSRSACertificateKeyFile /etc/ssl/private/alternc-proftpd.key
 
        # CA the server trusts
        # TLSCACertificateFile /etc/ftpd/root.cert.pem