Expired certificates issue
hede
kolab983 at der-he.de
Tue Jan 7 15:44:35 CET 2020
Am 07.01.2020 12:32, schrieb Hernan Saltiel:
> I do not have the certbot directory, what I have is a self signed
> certificate, that expired. The Outlook window do not state that the
> certificate is invalid because it's self signed, but because has
> expired.
There's plenty of help out there how to renew self signed certificates,
like this one for red hat based distributions (my first search hit for
red hat based distributions):
https://www.stevejenkins.com/blog/2010/08/renewing-a-self-signed-ssl-certificate-on-fedoracentos/
(The default self-signed cert for debian is valid many years, so you're
probably using a red hat based distribution!? - correct me if I'm
wrong.)
There's no kolab specialty in it, you can use any method your OS
supports. You probably have to adapt path-names to your key and cert (if
they are different), like is said within the how to. The give an example
for Apache, this one is for postfix:
grep -e "tls_cert_file" /etc/postfix/main.cf
... it should show you where postfix will expect your cert/key to
reside.
> All this was previously configured, when initially installed the
> server, with the certs I created.
Presumably it's the OS default key/cert - created by the installer for
testing purposes. It should be possible to renew it the way designated
by your OS designer. Or better: replaced by some valid CA certificate.
Btw: Why self signed at all? I wonder if Outlook accepts the self signed
cert without a warning? I - for myself - would prefer to use some valid
CA certificate, currently royalty free Let's Encrypt certificates.
Nevertheless it's absolutely fine to use self singed certificates.
Rolling out a self made CA or Checking fingerprints by hand is actually
_more_ secure than the currently used internet-wide CA system.
regards
hede
More information about the users
mailing list