-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, In self signed certificates for an internal dovecot, how can I extend its validity time? Using "/usr/share/dovecot/mkcert.sh" and "dovecot-openssl.cnf". The later default config file is (I edit the file, of course): [ req ] default_bits = 2048 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) #C=FI # State or Province Name (full name) #ST= # Locality Name (eg. city) #L=Helsinki # Organization (eg. company) #O=Dovecot # Organizational Unit Name (eg. section) OU=IMAP server # Common Name (*.example.com is also possible) CN=imap.example.com # E-mail contact emailAddress=postmaster@example.com [ cert_type ] nsCertType = server If there is a man page for that configuration file, please point me to it ;-) The command used is, apparently: $OPENSSL req -new -x509 -nodes -config $OPENSSLCONFIG -out $CERTFILE -keyout $KEYFILE -days 365 || exit 2 - -- Cheers Carlos E. R. (from 15.4 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCZKFpNhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfV78gAmwR6sk45B0AkquufJYqb PLtErHCDAJwK6vo72VlBwirIgWpbAhAKf8ZsFw== =VeJf -----END PGP SIGNATURE-----
Hello, In the Message; Subject : [oS-en] Self signed certificates Message-ID : <24c2976e-a3e9-3e5b-d098-84a2d976baa4@telefonica.net> Date & Time: Sun, 2 Jul 2023 14:10:30 +0200 (CEST) [CER] == "Carlos E. R." <robin.listas@telefonica.net> has written: CER> -----BEGIN PGP SIGNED MESSAGE----- CER> Hash: SHA1 CER> Hi, CER> In self signed certificates for an internal dovecot, how can I extend its CER> validity time? [...] To extend the validity time of a self-signed certificate for Dovecot, you can use the following command: openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/dovecot.key -out /etc/ssl/certs/dovecot.pem The -days option specifies the number of days that the certificate will be valid. In this example, it is set to 3650 days (10 years). You can adjust this value as needed. CER> If there is a man page for that configuration file, please point CER> me to it ;-) You can find more information on how to create self-signed SSL certificates using OpenSSL in Dovecot’s documentation. Regards. --- ┏━━┓彡 野宮 賢 mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ " Hassabis says that no one really knows for sure that AI will become a major danger. But he is certain that if progress continues at its current pace, there isn’t much time to develop safeguards. "I can see the kinds of things we're building into the Gemini series right, and we have no reason to believe that they won't work," he says." -- "Google DeepMind's CEO Says Its Next Algorithm Will Eclipse ChatGPT" --
On 2023-07-02 14:22, Masaru Nomiya wrote:
Hello,
CER> In self signed certificates for an internal dovecot, how can I extend its CER> validity time? [...]
To extend the validity time of a self-signed certificate for Dovecot, you can use the following command:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/dovecot.key -out /etc/ssl/certs/dovecot.pem
The -days option specifies the number of days that the certificate will be valid. In this example, it is set to 3650 days (10 years). You can adjust this value as needed.
Ah, thanks :-) -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
On 2023-07-02 14:25, Andrei Borzenkov wrote:
On 02.07.2023 15:10, Carlos E. R. wrote:
Hi,
In self signed certificates for an internal dovecot, how can I extend its validity time?
You cannot. You can generate new certificate with different valid time.
Yes, of course, that's what I want. -- Cheers / Saludos, Carlos E. R. (from 15.4 x86_64 at Telcontar)
participants (3)
-
Andrei Borzenkov -
Carlos E. R. -
Masaru Nomiya