* Nick Douma <n.do...@nekoconeko.nl> 28.11.2009 > Florian Weimer wrote: > > * Boyd Stephen Smith, Jr.: > > > >> Who set up the dovecot installtion? Dovecot doesn't use a certificate by > >> default, so the person that generated the cert and got it signed would be > >> the > >> best source of information on the cert. > > > > dovecot-common's postinst in etch automatically generates a > > certificate which is valid for one year. Not sure about lenny. > > Pretty sure lenny does it as well. I run lenny on my server with with > IMAPS and I don't recall creating a certificate.
And when the certificate is after one year no more valid, it's simple to generate a new one. From /usr/share/doc/dovecot.common/README.Debian: How to regenerate your self-signed SSL certificate -------------------------------------------------- In order to regenerate the self-signed SSL certificate for dovecot, you have to remove both the old certificate and the old key, and then reconfigure the package dovecot-common. For example, in a standard installation: # rm /etc/ssl/certs/dovecot.pem /etc/ssl/private/dovecot.pem # dpkg-reconfigure dovecot-common Or one can generate a certificate with openssl by himself: openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/dovecot.pem \ -keyout /etc/ssl/private/dovecot.pem The command above gives you a certificate which is valid for 10 years. Hth Michael -- Death is just God's way of dropping carrier.
signature.asc
Description: Digital signature
