[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: courier certificate regeneration.

On Tue, 05 Oct 2010 00:26:24 +0700, Sthu Deus wrote:

>> BTW, what is the exact error message you are getting? Did you create
>> the new certificate with updated data?
> 
> My mailer says that current certificate is expired - it gives me the
> finger prints and other certificate information as to: who signed, when,
> etc.

Okay. But having the log file would help a lot :-)

> Sorry, I didn't understand You last phrase: which updated data? - What I
> did is this:
> 
> /bin/rm -f /etc/courier/pop3d.pem
> 
> /usr/sbin/mkpop3dcert
> 
> /etc/init.d/courier-pop-ssl restart
> 
> Then I saw ne certificate at the mailer, day(s) latter - old is here
> again!

I dunno for home-made SSL certificates but real ones needs you first 
input the correct data from a provided template. When it's time to renew 
the certificate, the Certificate Authority it auto-updates the expiration 
date and sends you the new *.crt file with the updated data.

So, how does you "/etc/courier/pop3d.cnf" looks like?

By reading the man page:

http://www.courier-mta.org/mkpop3dcert.html

It's like the certificate generation is feeding from that file :-?

Also, check if you already have a "/usr/lib/courier/share/pop3d.pem" 
file. 

Greetings,

-- 
Camaleón
Reply to: