Can anyone walk me through, or point me to information on, how to change the certificate that cyrus-imapd is using for SSL? My mail client is giving me the message 'the local certificate belongs to "localhost.localdomain"' when I connect. I would like to make a new certificate with the correct hostname in it.
You can either generate a new key or reuse the old key. Before doing any of the below, you might want to check and edit the stock openssl.cnf file (in /usr/share/ssl). In there, you can specify more IP addresses and host names that the certificate should be valid for (so you can make it valid for localhost, hostname, 127.0.0.1, 1.2.3.4, and so on).
If you want to generate a new key, you would do something like:
openssl genrsa -des3 -out key.pem 2048
To generate a self-signed certificate, do something like this:
openssl req -new -x509 -key key.pem -out cert.pem
If you want to generate a certificate request and send it to a CA (that will then issue you a certificate), omit the -x509 option.
I am guessing I need to revoke the old certificate first, then create the new one. I think I figured out how to make the new one, but I'm not entirely certain of the correct way to revoke the old one. Has anyone else done this before?
Unless you have a way to publish your revocation list somewhere, somehow, there's no point in revoking the old certificate.
-- Aleksandar Milivojevic <amilivojevic@xxxxxx> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
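The steps from the reply above, put together as an added example (not part of the original thread): it creates a key and a self-signed certificate valid for several names and addresses, then checks which hostnames the certificate matches. The hostname mail.example.com, the address 192.0.2.10, the function names and the small inline config file (used here instead of editing the stock openssl.cnf) are assumptions; the key is written without -des3 so nothing prompts for a passphrase when the key is read.

```shell
#!/bin/sh
# Added example; hostnames and addresses below are constructed sample values.

make_cert() (
    # $1 = output directory, $2 = hostname clients connect to (CN and first SAN)
    dir=$1; host=$2
    umask 077                       # private key readable by owner only
    cat > "$dir/san.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions    = v3_san
prompt             = no

[ dn ]
CN = $host

[ v3_san ]
subjectAltName = DNS:$host, DNS:localhost, IP:127.0.0.1, IP:192.0.2.10
EOF
    # Unencrypted 2048-bit RSA key, then a self-signed certificate from it.
    openssl genrsa -out "$dir/key.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -days 365 -config "$dir/san.cnf" \
        -key "$dir/key.pem" -out "$dir/cert.pem"
)

cert_matches_host() {
    # $1 = certificate file, $2 = hostname a mail client would verify
    # (-checkhost needs OpenSSL 1.0.2 or later)
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

key_matches_cert() {
    # $1 = key file, $2 = certificate file; useful when reusing an old key
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

workdir=$(mktemp -d)
make_cert "$workdir" mail.example.com
for name in mail.example.com localhost localhost.localdomain; do
    if cert_matches_host "$workdir/cert.pem" "$name"; then
        echo "$name: match"
    else
        echo "$name: NO match"
    fi
done
rm -rf "$workdir"
```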