Re: how to renew a security certificate?
* Nick Douma n.do...@nekoconeko.nl 28.11.2009
> Florian Weimer wrote:
> > * Boyd Stephen Smith, Jr.:
> > > Who set up the dovecot installation? Dovecot doesn't use a certificate by default, so the person that generated the cert and got it signed would be the best source of information on the cert.
> >
> > dovecot-common's postinst in etch automatically generates a certificate which is valid for one year. Not sure about lenny.
>
> Pretty sure lenny does it as well. I run lenny on my server with IMAPS and I don't recall creating a certificate.

And when the certificate is no longer valid after one year, it's simple to generate a new one. From /usr/share/doc/dovecot-common/README.Debian:

    How to regenerate your self-signed SSL certificate
    --------------------------------------------------

    In order to regenerate the self-signed SSL certificate for dovecot, you have to remove both the old certificate and the old key, and then reconfigure the package dovecot-common.

    For example, in a standard installation:

    # rm /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem
    # dpkg-reconfigure dovecot-common

Or one can generate a certificate with openssl oneself:

    openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem \
        -keyout /etc/ssl/private/dovecot.pem

The command above gives you a certificate which is valid for 10 years.

Hth
Michael

-- 
Death is just God's way of dropping carrier.
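A follow-up check for a regenerated pair, as an added example that is not part of any message in this thread: it confirms the new certificate is not about to expire, that the key on disk belongs to it, and that the unencrypted key is not readable by other users. The function names, the 30-day `WARN_DAYS` threshold and the use of GNU `stat` are assumptions of the example.

```sh
#!/bin/sh
# Added example: post-regeneration checks for a certificate/key pair.
# Function names and the 30-day WARN_DAYS default are assumptions.
WARN_DAYS=${WARN_DAYS:-30}

# Succeeds if certificate $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if the public key in certificate $1 is derived from private key $2.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if "other" has no permission bits on $1. A key written with
# -nodes is unencrypted, so file permissions are its only protection.
# Uses GNU stat (-c %a prints the octal mode).
key_not_world_accessible() {
    mode=$(stat -c %a "$1" 2>/dev/null) || return 1
    case $mode in *0) return 0 ;; *) return 1 ;; esac
}

# Runs all checks on certificate $1 and key $2; non-zero on any finding.
check_pair() {
    rc=0
    cert_valid_for "$1" 0 ||
        { echo "FAIL: $1 is expired or unreadable"; rc=1; }
    cert_valid_for "$1" "$WARN_DAYS" ||
        { echo "WARN: $1 expires within $WARN_DAYS days"; rc=1; }
    key_matches_cert "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1"; rc=1; }
    key_not_world_accessible "$2" ||
        { echo "FAIL: $2 is accessible to other users"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $1 $(openssl x509 -in "$1" -noout -enddate)"
    return "$rc"
}

# Run only when both paths are given, e.g.:
#   sh check.sh /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem
[ "$#" -ne 2 ] || check_pair "$1" "$2"
```

Run from cron with the two paths as arguments, the non-zero exit status gives advance notice before mail clients start showing the expiry dialog.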
Re: how to renew a security certificate?
* Boyd Stephen Smith, Jr.:
> Who set up the dovecot installation? Dovecot doesn't use a certificate by default, so the person that generated the cert and got it signed would be the best source of information on the cert.

dovecot-common's postinst in etch automatically generates a certificate which is valid for one year. Not sure about lenny.
Re: how to renew a security certificate?
Florian Weimer wrote:
> * Boyd Stephen Smith, Jr.:
> > Who set up the dovecot installation? Dovecot doesn't use a certificate by default, so the person that generated the cert and got it signed would be the best source of information on the cert.
>
> dovecot-common's postinst in etch automatically generates a certificate which is valid for one year. Not sure about lenny.

Pretty sure lenny does it as well. I run lenny on my server with IMAPS and I don't recall creating a certificate.
Re: how to renew a security certificate?
On Thursday 17 September 2009 14:06:50 Robert P. J. Day wrote:
> i'm hoping this is an easy one, even though i'm going thru the docs as we speak. on a functioning debian system, for the last many weeks, the clients who have fired up their thunderbird clients have been told:
>
>   mail.XXX.com is a site that uses a security certificate to encrypt data during transmission, but its certificate expired on 7/7/2009 2:06PM
>
> mail is still being delivered, though, but it would be nice to make that diagnostic go away. i have a screen cap of the dialog box, which makes it clear it's related to dovecot.
>
> is there a simple recipe for renewing that cert (something i've never had occasion to do)? just pointing me at the appropriate web page would be fine.
>
> and is that enough info to know how to solve the problem? an expert mail admin i'm not.

Who set up the dovecot installation? Dovecot doesn't use a certificate by default, so the person that generated the cert and got it signed would be the best source of information on the cert.

You can check your dovecot configuration files to determine the cert that it is presenting to the users.

IIRC, certificates aren't generally renewed so much as a new certificate is generated (you basically choose the expiration date then) and a CA will sign the new certificate. openssl should have various utilities for inspecting and manipulating certs. You can even be your own CA that way.

-- 
Boyd Stephen Smith Jr.
b...@iguanasuicide.net
ICQ: 514984 YM/AIM: DaTwinkDaddy
http://iguanasuicide.net/