Michał Masłowski <[email protected]> writes: >>> postfix on repo should be. >> >> have you restarted it? > > It uses these files: > -rw------- 1 root root 3247 Sep 28 2011 > /etc/ssl/private/mail.parabolagnulinux.org.key > -rw-r--r-- 1 root root 1830 Sep 28 2011 > /etc/ssl/certs/mail.parabolagnulinux.org.crt > > This doesn't suggest them being updated, we could remove them and use > the *.parabolagnulinux.org certificates.
no, i just renewed the keys i mentioned > Dovecot is configured to use it too, although with all protocols > disabled it's not needed (it provides only authentication for Postfix). > >>> Do we have a policy of replacing private keys? >> >> i didn't replace them, but we have a key per host while we can have just >> a parabola key (easier on configs?). what are you thinking? > > We could have one key pair at once on both servers, renew the public key > once per six months and replace the private key once or twice per year. > Having more than one key per server leads to forgotten keys like the > mail one. Two separate keys one for each server will have overlapping > names, so they shouldn't be more secure than one key for both. why would it be necessary to change keys? for security problems?
pgpD_Get8ryj3.pgp
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabolagnulinux.org/mailman/listinfo/dev
