change cyrus-imapd ssl certificate FC3
Paul Bradshaw
bradshaw at wintermute.alumni.uoguelph.ca
Tue Nov 30 21:41:13 UTC 2004
Thanks Aleksandsar,
I wised up and found the documentation. Created the certificate.
Everything's fine now. Thanks for responding. You got me on the right
track.
...Paul
Aleksandar Milivojevic wrote:
> Paul Bradshaw wrote:
>
>> Can anyone walk me through, or point me to information on how to
>> change the certificate that cyrus-imapd is using for ssl? My mail
>> client is giving me the message "the local certificate belongs to
>> "localhost.localdomain" when I connect. I would like to make a new
>> certificate with the correct hostname in it.
>
>
> You can either generate new key, or reuse old key. Before doing any
> of the bellow, you might want to check and edit stock openssl.cnf file
> (in /usr/share/ssl). In there, you can specify more IP addresses and
> host names that certificate should be valid for (so you can make it
> valid for localhost, hostname, 127.0.0.1, 1.2.3.4, and so on).
>
> If you want to generate new key, you would do something like:
>
> openssl genrsa -des3 -out key.pem 2048
>
> To generate self signed certificate, do something like this:
>
> openssl openssl req -new -x509 -key key.pem -out cert.pem
>
> If you want to generate certificate request and send it to CA (that
> will than issue you a certificate), ommit -x509 option.
>
>> I am guessing I need to revoke the old certifcate first, then create
>> the new one. I think I figured out how to make the new one, but I'm
>> not entirely certain of the correct way to revoke the old one. Has
>> anyone else done this before?
>
>
> Unless you have a way to publish your revocation list somewhere,
> somehow, there's no point in revoking the old certificate.
>
More information about the users
mailing list