Updating Expired Private SSL Certs
Odds are you don't have a "real" ssl cert to encrypt your IMAP mail sessions. This is fine; it means that your sessions are still encrypted, but "anal" clients like Outlook will get their panties in a bunch because your cert is not "blessed". (Note that Outlook will still work fine; however it will complain about the cert's lack of legitimacy every time you try to connect to the server.)I installed the cyrus-imapd that came with Fedora Core 3. As part of that installation, it (or something it depends on) made me a nice private certificate.Eventually your fake cert will expire and you'd like to generate a new one.Here is what I did:# openssl req -new -nodes -out req.pem -keyout key.pem # openssl rsa -in key.pem -out new.key.pem # openssl x509 -in req.pem -out ca-cert -req -signkey new.key.pem -days 999 # cp new.key.pem xdroop.pem # cat ca-cert >> xdroop.pem # mv xdroop.pem /usr/share/ssl/certs
tls_cert_file: /usr/share/ssl/certs/xdroop.pem tls_key_file: /usr/share/ssl/certs/xdroop.pem tls_ca_file: /usr/share/ssl/certs/xdroop.pem
Source)
no comments |
post comment
Virtual Dave Megaplex:
- Home Page
- This wiki's start page
- Send Feedback To Dave
Logged in Users: (1)
Recently Changed
start- FortiClient Error Codes
- Scan For Newly Added Disk
- dhparams Generation
- SSL Certificate Bundles
- Seconds Since Epoch to Local Time
- ufw
- Grow A LVM Partition
- Creating Users
- whoami
- list databases
- DH Selection For IPsec VPNs
- 2023
- 2022
- 2019
- 2018
- 2017
- 2011
- 2010
- 2008
- 2001
- 2000
- 1999
- 1991
- Fire Eater
- Custom '77 Dodge Van
- Bone Shaker
- Batmobile
- Fire Eater Wanted
- dvr-scan
Editing: snipsnap-help, Image Macro(Et auditum est, et idcirco ego nunc simulare)
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.