Posted by Wim Koorenneef on 2009-02-21 21:04 CET
For some reason Dovecot started to complain about an expired ssl certificate. Well, actually my mail client thunderbird complained. In order to renew the certificate I used the following commands:
openssl genrsa -out server.key 1024
openssl req -new -x509 -key server.key -out server.pem -days 1826
cp server.key /etc/ssl/private/ssl-cert-snakeoil.key
cp server.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
The important bit while creating the certificate is the common name. Fill in localhost or your server's domain name.
And just in case you forgot how to make a self-signed certificate for apache2:
openssl genrsa -out apache.key 1024
openssl req -new -key apache.key -out apache.csr
openssl x509 -req -days 365 -in apache.csr -signkey apache.key -out apache.crt
Just make sure there are no non-ssl sites running on port 443 or you get an error like: ssl_error_rx_record_too_long
Update: In Ubuntu 10.04 you can use the following command to generate new snakeoil certificates for Dovecot and Apache:
make-ssl-cert generate-default-snakeoil –force-overwrite
Hello!I am checking your
Hello!I am checking your blog for some days now. I have to admit that it is very informative. It is already in my bookmarks and i will make sure that i will follow it frequently. Thanks for the interesting inputs . Furthermore, i honestly like your theme and how you have organised the contents of your site . Is it possible to tell me the name of your theme ? Thanks
Respect!
Generated my first certificate for dovecot. :) Just need to mention that CN must be the same, as in the client program - server name or ip address.
:)
oh ok, thanks for the info!
thank you
Thanks to your article I solve it. b&b Venice
thanx!
thanx, it helped me to renew proftpd cert
Thanks
Thanks for that, dovecot always seems to generate invalid certificates (or so thunderbird says) and this helped re-create the certs and they now work.
Post new comment