Re: how to renew a security certificate?



On Thursday 17 September 2009 14:06:50 Robert P. J. Day wrote:
i'm hoping this is an easy one, even though i'm going thru the docs
as we speak. on a functioning debian system, for the last many weeks,
the clients who have fired up their thunderbird clients have been
told:

"mail.XXX.com is a site that uses a security certificate to encrypt
data during transmission, but its certificate expired on 7/7/2009
2:06PM"

mail is still being delivered, though, but it would be nice to make
that diagnostic go away. i have a screen cap of the dialog box, which
makes it clear it's related to dovecot. is there a simple recipe for
renewing that cert (something i've never had occasion to do)? just
pointing me at the appropriate web page would be fine. and is that
enough info to know how to solve the problem? an expert mail admin
i'm not.

Who set up the dovecot installtion? Dovecot doesn't use a certificate by
default, so the person that generated the cert and got it signed would be the
best source of information on the cert.

You can check your dovecot configuration files to determine the cert that it
is presenting to the users.

IIRC, certificates aren't generally renewed so much as a new certificate is
generated (you basically choose the expiration date then) and a CA will sign
the new certificate.

openssl should have various utilities for inspecting and manipulating certs.
You can even be your own CA that way.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@xxxxxxxxxxxxxxxxx ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/

Attachment: signature.asc
Description: This is a digitally signed message part.