[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to renew a security certificate?



On Thursday 17 September 2009 14:06:50 Robert P. J. Day wrote:
>   i'm hoping this is an easy one, even though i'm going thru the docs
> as we speak.  on a functioning debian system, for the last many weeks,
> the clients who have fired up their thunderbird clients have been
> told:
>
> "mail.XXX.com is a site that uses a security certificate to encrypt
> data during transmission, but its certificate expired on 7/7/2009
> 2:06PM"
>
> mail is still being delivered, though, but it would be nice to make
> that diagnostic go away.  i have a screen cap of the dialog box, which
> makes it clear it's related to dovecot.  is there a simple recipe for
> renewing that cert (something i've never had occasion to do)?  just
> pointing me at the appropriate web page would be fine.  and is that
> enough info to know how to solve the problem?  an expert mail admin
> i'm not.

Who set up the dovecot installtion?  Dovecot doesn't use a certificate by 
default, so the person that generated the cert and got it signed would be the 
best source of information on the cert.

You can check your dovecot configuration files to determine the cert that it 
is presenting to the users.

IIRC, certificates aren't generally renewed so much as a new certificate is 
generated (you basically choose the expiration date then) and a CA will sign 
the new certificate.

openssl should have various utilities for inspecting and manipulating certs.  
You can even be your own CA that way.
-- 
Boyd Stephen Smith Jr.           	 ,= ,-_-. =.
bss@iguanasuicide.net            	((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy 	 `-'(. .)`-'
http://iguanasuicide.net/        	     \_/

Attachment: signature.asc
Description: This is a digitally signed message part.


Reply to: