Bad certs in email?

WOW! Does anyone even read these things anymore? Been a long time since I even attempted a post on my weblog, but here goes:

I was going to read my email on my local mail server the other night when I was presented with a cert error. Geez, I HATE pissing with SSL certs. Anyhow, I needed to fix it because my default self-signed cert had expired (why do they only default to one year anyway??).
I started off by looking for my certs (locate *.crt), but all the certs that showed were not the right ones. Where the heck was it? After some digging I decided to go back through the docs for my mail server config. I am using postfix and dovecot, and then it struck me that MAYBE my cert wasn’t a .crt file... MAYBE it was a pem. A quick locate later and voilà! Seems dovecot has a pem file at /etc/pki/dovecot/certs/dovecot.pem, and checking the dates in that cert revealed this was the offender. I found a doc online which says you can generate a default cert by running /usr/libexec/dovecot/mkcert.sh. GREAT! It also says you can adjust the default cert length by editing that script, so I did just that and set it for like 9000 days. Anyhow, I ran the script and it barked because it doesn’t want to overwrite the existing cert. The fix is to rename the existing cert and its companion private cert located at /etc/pki/dovecot/private/dovecot.pem and then rerun the script and WOOT! It works!
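
The date check and the rename-then-regenerate steps described above, as an added shell example (not from the original post or the dovecot project). The function names `cert_status` and `rotate_pair` and the 30-day warning window are assumptions; the paths in the usage comment are the ones named in the post.

```shell
#!/bin/sh
# Added example: check a PEM certificate's expiry and move the old cert/key
# pair aside so dovecot's mkcert.sh will agree to write a new one.

# cert_status FILE [DAYS]
# Prints and returns: ok (0), expiring (1), missing (2), invalid (3).
# "expiring" covers already-expired certs as well as ones that end
# within DAYS days (hypothetical default: 30).
cert_status() {
    cert=$1
    days=${2:-30}
    if [ ! -r "$cert" ]; then
        echo missing; return 2
    fi
    # Reject files that do not contain a parseable X.509 certificate.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo invalid; return 3
    fi
    # -checkend N exits 0 only if the cert is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
        echo ok; return 0
    fi
    echo expiring; return 1
}

# rotate_pair CERT KEY
# Renames both files with a timestamp suffix. mv keeps the original mode
# and owner, so the old private key stays as restricted as it was.
rotate_pair() {
    stamp=$(date +%Y%m%d%H%M%S)
    for f in "$1" "$2"; do
        if [ -e "$f" ]; then
            mv -- "$f" "$f.$stamp.bak"
        fi
    done
    return 0
}

# Usage on the server from the post (run as root):
#   CERT=/etc/pki/dovecot/certs/dovecot.pem
#   KEY=/etc/pki/dovecot/private/dovecot.pem
#   openssl x509 -in "$CERT" -noout -subject -enddate   # show the dates
#   if ! cert_status "$CERT" 30; then
#       rotate_pair "$CERT" "$KEY" && /usr/libexec/dovecot/mkcert.sh
#   fi
```

Running `cert_status` from cron and alerting on a non-zero result catches the next expiry before a mail client does, whatever lifetime the certificate was issued with.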
