>From Rick Nelson: openssl ======= Sendmail (both in Etch and in Lenny) optionally creates default OpenSSL certificates at install time. The key rollover procedure is trivial: /usr/share/sendmail/update_tls new If you have customized the templates in /etc/mail/tls, those values will be re-used to create the new certificates