I've been searching for the correct file to change the certificates too this weekend, initially i suspected /etc/httpd/conf.d/ssl.conf is the relevant one (thats the path on CentOS 5, other Distros may differ), where the certificates are included. However changing them there had no effect whatsoever on webmail/SAC, which left me a little wondering.
Finally I found that I had to change this in the two files matched by:
/etc/opt/scalix-tomcat/connector/*/instance*conf
And now it's working fine. I've got a PositiveSSL Certificate from PSW Group / Comodo (https://www.psw.net/) for only 13€/Year and things seem to be working perfectly fine now with:
Code: Select all
SSLCertificateFile /etc/pki/tls/certs/scalix.thecompany.de.crt
SSLCertificateKeyFile /etc/pki/tls/private/scalix.thecompany.de.key
SSLCertificateChainFile /etc/pki/tls/certs/PositiveSSL.ca-bundle.crt
in those two files. I've also copied the contents of those files (CRT+KEY+CABUNDLE) into a single PEM file (stunnel.pem) and stunnel seems to be very happy with this too