Re: change cyrus-imapd ssl certificate FC3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Paul Bradshaw wrote:
Can anyone walk me through, or point me to information on how to change the certificate that cyrus-imapd is using for ssl? My mail client is giving me the message "the local certificate belongs to "localhost.localdomain" when I connect. I would like to make a new certificate with the correct hostname in it.

You can either generate new key, or reuse old key. Before doing any of the bellow, you might want to check and edit stock openssl.cnf file (in /usr/share/ssl). In there, you can specify more IP addresses and host names that certificate should be valid for (so you can make it valid for localhost, hostname, 127.0.0.1, 1.2.3.4, and so on).


If you want to generate new key, you would do something like:

   openssl genrsa -des3 -out key.pem 2048

To generate self signed certificate, do something like this:

   openssl openssl req -new -x509 -key key.pem -out cert.pem

If you want to generate certificate request and send it to CA (that will than issue you a certificate), ommit -x509 option.

I am guessing I need to revoke the old certifcate first, then create the new one. I think I figured out how to make the new one, but I'm not entirely certain of the correct way to revoke the old one. Has anyone else done this before?

Unless you have a way to publish your revocation list somewhere, somehow, there's no point in revoking the old certificate.


--
Aleksandar Milivojevic <amilivojevic@xxxxxx>    Pollard Banknote Limited
Systems Administrator                           1499 Buffalo Place
Tel: (204) 474-2323 ext 276                     Winnipeg, MB  R3T 1L7


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux