Chapter 2. System

2.1. Services

2.1.1. Start and Stop Services

By selecting the menu item "services" the state of each system service can be shown. If you right click on a service, you can start, stop or re-start the service. Furthermore, you can choose to start the service by booting the system and to monitor the service. Then the admin will receive an email notification if the service fails to start.

2.1.2. System Time

At this tab you can manually set the system time. Time can be set with drop-down fields and be saved afterwards.

2.1.3. Time Server

Additionally, time can be synchronized with a time server. This is possible once or in hourly or daily intervals. For this purpose enter the IP address or the hostname of the time server and choose an interval.

If you do not run your own NTP server in your network, just enter pool.ntp.org (or a local version such as us.pool.ntp.org). This address refers to a cluster of lots of publicly available NTP servers (see NTP Pool Project).

For this to work, a working DNS server has to be set up.

2.1.4. Restart / Shutdown

At the tab "Shutdown System" you can reboot or shut down the system.

2.2. Certificate / Key Management

Certificates and keys are required to encrypt communications with the web interface as well as the mail traffic. They guarantee the authenticity, confidentiality and integrity of the data to third parties. Free signed SSL certificates are available at http://www.cacert.org.

Under the menu item "Certificate / Key Management" they can be managed. You can even create certificates and sign it with your own key. You can also import or delete existing certificates.

2.2.1. Manage Certificates

Using the tab "Manage Installed Certificates" all certificates existing on the system are displayed. If you want to delete a certificate, tick the box on the left of the certificate and click on the button "delete". The default certificate "default.crt", which is used for all services of the system, cannot be deleted.

[Note]

If you want to replace "default.crt", you must either create a new certificate for all services or import an existing certificate.

2.2.2. Create Own Certificates

To create a certificate yourself, click on the tab "Generate Self Signed Certificate and Key", fill in all fields and create the certificate by clicking on "Generate Key". If you choose "all" at the drop-down field "service", you can create a default certificate. This is always used if no other certificates are available specific to a service. All other choices for "service" create a certificate for the respective service.

2.2.3. Upload Certificates

If you want to upload an existing certificate, click on the tab "Upload Certificate" and click on "Browse" to choose the file from your hard disk. Select the file with the certificate and click "Open". After the dialog closed itself you have to select the service to which your certificate shall apply. Finally, you should delete any remaining duplicates.

Currently only PEM-encoded certificates with the private key and the actual certificate concatenated are supported. These files usually have the file extension ".pem" or ".crt". If you have seperate files for the private key and the certificate, you can combine them using

cat private.key cert.crt > combined.pem

A properly formatted file should look like this:

-----BEGIN PRIVATE KEY-----
...encoded key...
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
...encoded certificate...
-----END CERTIFICATE-----
[Important]

Currently there is a bug preventing error messages from being shown when problematic certificates are uploaded. These certificates will not be installed and the action will fail silently. Therefore, please double-check that your certificate is PEM-encoded and that it contains first the private key and then the certificate. Also ensure that the private key is not encrypted.