change cyrus-imapd ssl certificate FC3

Aleksandar Milivojevic amilivojevic at pbl.ca
Tue Nov 30 16:41:52 UTC 2004


Paul Bradshaw wrote:
> Can anyone walk me through, or point me to information on how to change 
> the certificate that cyrus-imapd is using for ssl? My mail client is 
> giving me the message "the local certificate belongs to 
> "localhost.localdomain" when I connect.  I would like to make a new 
> certificate with the correct hostname in it.

You can either generate a new key, or reuse the old key.  Before doing any of 
the below, you might want to check and edit the stock openssl.cnf file (in 
/usr/share/ssl).  In there, you can specify more IP addresses and host 
names that the certificate should be valid for (so you can make it valid for 
localhost, hostname, 127.0.0.1, 1.2.3.4, and so on).

If you want to generate a new key, you would do something like:

    openssl genrsa -des3 -out key.pem 2048

To generate a self-signed certificate, do something like this:

    openssl req -new -x509 -key key.pem -out cert.pem

If you want to generate a certificate request and send it to a CA (that will 
then issue you a certificate), omit the -x509 option.

> I am guessing I need to revoke the old certificate first, then create the 
> new one.  I think I figured out how to make the new one, but I'm not 
> entirely certain of the correct way to revoke the old one.  Has anyone 
> else done this before?

Unless you have a way to publish your revocation list somewhere, 
somehow, there's no point in revoking the old certificate.

-- 
Aleksandar Milivojevic <amilivojevic at pbl.ca>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7
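
The steps from the reply above, as an added example that is not part of the original post: generate a key and a self-signed certificate that lists several names, then check that the requested hostname is really in the certificate and that key and certificate belong together before installing them. Assumptions: `mail.example.com`, `san.cnf` and the function names are constructed for illustration, `san.cnf` stands in for the edited openssl.cnf, and the key is written without `-des3` so nothing prompts for a passphrase.

```shell
#!/bin/sh
# Added example: hostnames and file names are constructed placeholders.

# make_cert DIR HOST: write key.pem and a self-signed cert.pem into DIR.
make_cert() (
    umask 077                      # keep the private key unreadable to others
    cd "$1" || exit 1
    # Minimal stand-in for the edited openssl.cnf: the extra names go into
    # subjectAltName so the certificate is valid under each of them.
    cat > san.cnf <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $2
[v3]
subjectAltName = DNS:$2, DNS:localhost, IP:127.0.0.1
EOF
    # No -des3 here (assumption): an encrypted key asks for a passphrase.
    openssl genrsa -out key.pem 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -config san.cnf \
        -key key.pem -out cert.pem
)

# cert_has_name CERT HOST: succeed only if HOST is an exact DNS SAN entry.
cert_has_name() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed 's/^ *//' | grep -qxF "DNS:$2"
}

# key_matches_cert KEY CERT: succeed if both carry the same RSA modulus.
key_matches_cert() {
    [ "$(openssl rsa -in "$1" -noout -modulus)" = \
      "$(openssl x509 -in "$2" -noout -modulus)" ]
}

# Demo run in a scratch directory.
d=$(mktemp -d)
make_cert "$d" mail.example.com &&
    cert_has_name "$d/cert.pem" mail.example.com &&
    key_matches_cert "$d/key.pem" "$d/cert.pem" &&
    echo "certificate for mail.example.com written to $d"
```
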



