Maddy SSL Configuration

Maddy_SSL.sh

# Create a private key for example.int:
# Generate a private key for the domain example.int:

openssl genpkey -algorithm RSA -out /etc/maddy/certs/example.int/privkey.pem -pkeyopt rsa_keygen_bits:2048


# Generate a CSR for example.int:
# Create a Certificate Signing Request (CSR) using the private key:

openssl req -new -key /etc/maddy/certs/example.int/privkey.pem -out /etc/maddy/certs/example.int/example.int.csr -subj "/C=US/ST=California/L=San Francisco/O=My Company/OU=IT Department/CN=example.int"


# Sign the CSR with the Skynet root CA:
# Sign the CSR with your Skynet root CA certificate and private key to generate the certificate for example.int:

# openssl x509 -req -in /etc/maddy/certs/example.int/example.int.csr -CA /etc/maddy/certs/skynet.crt -CAkey /etc/maddy/certs/skynet_private.key -CAcreateserial -out /etc/maddy/certs/example.int/example.int.crt -days 365 -sha256


# Create the fullchain.pem:
# Concatenate the certificate for example.int and the Skynet root CA certificate to create the fullchain.pem:

cat /etc/maddy/certs/example.int/example.int.crt /etc/maddy/certs/skynet.crt > /etc/maddy/certs/example.int/fullchain.pem

# Ensure proper permissions:
# Set the appropriate permissions for the private key:

chmod 600 /etc/maddy/certs/example.int/privkey.pem
chmod 600 /etc/maddy/certs/example.int/fullchain.pem

# Update Maddy configuration:

# Restat Maddy:
sudo systemctl restart maddy


# Add users 
maddy creds create [email protected]
maddy imap-acct create [email protected]

# In most cases, you don't need to restart Maddy when adding a new user.