error 42 ssl certificate expired
Heiko Schlittermann
hs at schlittermann.de
Mon Apr 12 23:20:19 EEST 2021
Hi,
> In our case this is an internally used Dovecot Mail server that's used for
…
> certificates worth the expense? Just curious on what everyone's opinion is
> of Digital Certs signed by certificate authorities that are only used inside
> the LAN. Thoughts?
Aki is right. On the long run it's easier to use "offcial" certs. Since
the advent of Let's encrypt it is cheap.
Of course, getting a certificate from Let's Encrypt for an internal
service isn't as easy as for a public HTTP server, but it is possible.
(We use a dedicated machine, requesting certs for all our internal
services, employing the DNS challenge with Let's Encrypt. From this
dedicated machine then we deploy the certs into our internal
infrastructure using https://gitea.schlittermann.de/heiko/cert-proxy.git)
> > > I also tried creating new .crt and key files using this tutorial:
> > > https://msol.io/blog/tech/create-a-self-signed-ssl-certificate-with-openssl/
No need to use tech blogs. Use "man req" and brain.
openssl req -x509 -new \
-out ssl.pem \
-keyout ssl.pem -newkey rsa:4096 -nodes \
-subj /CN=example.com -days 365
(or two distinct files for crt and key).
--
Heiko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://dovecot.org/pipermail/dovecot/attachments/20210412/2bc86457/attachment.sig>
More information about the dovecot
mailing list