Re: how to renew a security certificate?



On Thursday 17 September 2009 14:06:50 Robert P. J. Day wrote:
i'm hoping this is an easy one, even though i'm going thru the docs
as we speak. on a functioning debian system, for the last many weeks,
the clients who have fired up their thunderbird clients have been
told:

"mail.XXX.com is a site that uses a security certificate to encrypt
data during transmission, but its certificate expired on 7/7/2009
2:06PM"

mail is still being delivered, though, but it would be nice to make
that diagnostic go away. i have a screen cap of the dialog box, which
makes it clear it's related to dovecot. is there a simple recipe for
renewing that cert (something i've never had occasion to do)? just
pointing me at the appropriate web page would be fine. and is that
enough info to know how to solve the problem? an expert mail admin
i'm not.

Who set up the dovecot installtion? Dovecot doesn't use a certificate by
default, so the person that generated the cert and got it signed would be the
best source of information on the cert.

You can check your dovecot configuration files to determine the cert that it
is presenting to the users.

IIRC, certificates aren't generally renewed so much as a new certificate is
generated (you basically choose the expiration date then) and a CA will sign
the new certificate.

openssl should have various utilities for inspecting and manipulating certs.
You can even be your own CA that way.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@xxxxxxxxxxxxxxxxx ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/

Attachment: signature.asc
Description: This is a digitally signed message part.



Relevant Pages

  • Re: Dummies Guide for RADIUS/Certs
    ... I have set up IAS. ... client computers impacts certificate enrollment. ... configure Group Policy for domain member wireless clients so ... Cert Templates that is now enrolled on the IAS server. ...
    (microsoft.public.internet.radius)
  • Ex2K7 - Certificate errors for internal clients using Outlook 2007
    ... Ex2K7 server and they are all getting certificate errors when Outlook 2007 ... starts up on domain joined machines (internal clients). ... Our internal/private AD domain name is nearly identical to ... ended up purchasing a Digicert UCC cert that had only our external FQDNs for ...
    (microsoft.public.exchange.connectivity)
  • Re: Multiple vulnerabilites in vendor IKE implementations, including Cisco,
    ... > in a concentrator and configure the clients to only talk ... > to a server with that certificate. ... I've seen clients that support it, so I assume concentrators from the ... You _could_ dole out a single cert to all clients, ...
    (Bugtraq)
  • Re: authentication (SRP*, DH, TLS)
    ... B masternode offers core services and every nodeconnects to ... C as long as all clients connect to the master node only ... Make a CA that issues itself a self-signed certificate (CA root ... Install the CA root cert on all nodes and on all clients. ...
    (sci.crypt)
  • Re: certificate authority
    ... Should the Certificate Service be running? ... > Just FYI, in SBS2003, CEICW will auto generate a cert without CA. ... > (Assuming you setup the clients via the SBS client seutp wizard). ...
    (microsoft.public.windows.server.sbs)