[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-user
Subject: Re: how to renew a security certificate?
From: Michael Wagner <michaeldebian () web ! de>
Date: 2009-11-30 13:16:38
Message-ID: 20091130131638.GA11280 () workstation ! debianwalf ! dyndns ! org
[Download RAW message or body]
* Nick Douma <n.douma@nekoconeko.nl> 28.11.2009
> Florian Weimer wrote:
> > * Boyd Stephen Smith, Jr.:
> >
> >> Who set up the dovecot installtion? Dovecot doesn't use a certificate by
> >> default, so the person that generated the cert and got it signed would be the
> >> best source of information on the cert.
> >
> > dovecot-common's postinst in etch automatically generates a
> > certificate which is valid for one year. Not sure about lenny.
>
> Pretty sure lenny does it as well. I run lenny on my server with with
> IMAPS and I don't recall creating a certificate.
And when the certificate is after one year no more valid, it's simple to
generate a new one. From /usr/share/doc/dovecot.common/README.Debian:
How to regenerate your self-signed SSL certificate
--------------------------------------------------
In order to regenerate the self-signed SSL certificate for dovecot, you
have to remove both the old certificate and the old key, and then
reconfigure the package dovecot-common.
For example, in a standard installation:
# rm /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem
# dpkg-reconfigure dovecot-common
Or one can generate a certificate with openssl by himself:
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem \
-keyout /etc/ssl/private/dovecot.pem
The command above gives you a certificate which is valid for 10 years.
Hth Michael
--
Death is just God's way of dropping carrier.
["signature.asc" (application/pgp-signature)]
--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic