Good practice for Certificate (site and Certification Authority)


Running a WordPress site on an apache server running on Linux UBUNTU behind HAPROXY.

I was using the WordPress plugin WP Mail SMTP, the pluging was unable to send email via SMTP : 465 (SSL/TLS), due to “a certificate problem”.

My servers are all (apache, SMTP…) running locally with a self signed certificate.

I was placing all the certificates (server and Certification authority) inside /etc/ssl/certs.

Tools used :

  • Ubuntu
  • WordPress with plugin WP Mail SMTP
  • Postfix/Dovecot

The settings :

Certification authority

Put the certificate *.crt obtained from the CA authority in /usr/local/share/ca-certificates (root:root permission 640)

Run the command: sudo update-ca-certificates

this will:

  • place a symbolic link of the .crt inside /etc/ssl/certs
  • append the certificate at the end of the file /etc/ssl/certs/ca-certificates.crt

server certificates:

Put the certificate *.crt files self signed by the CA authority in /etc/ssl/certs (root:root permission 640)

Put the private key *.key files in /etc/ssl/private/ (Owner root:ssl-cert permissions 640)

Related posts

Let’s keep contact

Vincent EUDIER

Vincent EUDIER is a 15 years experience Energy Project / Program Manager with strong emphasis on development,

My résumé