courier certificate regeneration.
Good day.
I have troubles w/ new certificates generated for courier pop server after the old ones have expired. That's what I did: /bin/rm -f /etc/courier/imapd.pem /bin/rm -f /etc/courier/pop3d.pem /usr/sbin/mkimapdcert /usr/sbin/mkpop3dcert /etc/init.d/courier-authdaemon restart /etc/init.d/courier-pop restart /etc/init.d/courier-pop-ssl restart /etc/init.d/courier-imap restart /etc/init.d/courier-imap-ssl restart Then, at the immediate connection to pop server I have seen the newly generated certificate. While next day, I again see the old one that is of course, already outdated. So, how I can fix it, or what do I do wrong here? Thank You for Your time. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4ca30266.191cdf0a.6b2b.ffffbb86@mx.google.com">htt p://lists.debian.org/4ca30266.191cdf0a.6b2b.ffffbb86@mx.google.com |
courier certificate regeneration.
On Wed, 29 Sep 2010 16:09:51 +0700, Sthu Deus wrote:
> I have troubles w/ new certificates generated for courier pop server > after the old ones have expired. (...) > Then, at the immediate connection to pop server I have seen the newly > generated certificate. While next day, I again see the old one that is > of course, already outdated. > > So, how I can fix it, or what do I do wrong here? I would check Courier logs to gather further information on the error :-? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: pan.2010.09.29.16.13.46@gmail.com">http://lists.debian.org/pan.2010.09.29.16.13.46@gmail.com |
courier certificate regeneration.
Thank You for Your time and answer, Camaleón:
> I would check Courier logs to gather further information on the > error :-? Do You know where it is? - There is no /var/log/courier dir. nor file, grepping for word courier of /var/log/messages gave me nothing (it is too big to view it in a editor). grepping for log in /etc/courier gave me too no idea. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4ca58b5a.8a75df0a.0632.12ac@mx.google.com">http://lists.debian.org/4ca58b5a.8a75df0a.0632.12ac@mx.google.com |
courier certificate regeneration.
On Fri, 01 Oct 2010 14:18:40 +0700, Sthu Deus wrote:
> Thank You for Your time and answer, Camaleón: > >> I would check Courier logs to gather further information on the error >> :-? > > Do You know where it is? - There is no /var/log/courier dir. nor file, > > grepping for word courier of /var/log/messages gave me nothing (it is > > too big to view it in a editor). grepping for log in /etc/courier gave > me too no idea. My Cyrus (pop3/imap server) login messages fall under "/var/log/syslog". You can grep that file for "pop". Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: pan.2010.10.01.07.44.51@gmail.com">http://lists.debian.org/pan.2010.10.01.07.44.51@gmail.com |
courier certificate regeneration.
Thank You for Your time and answer, Camaleón:
> My Cyrus (pop3/imap server) login messages fall under > "/var/log/syslog". You can grep that file for "pop". Well. In the file I see a connection info only - but no a word on certificate expiration. Any ideas? - Why new certificate is removed by old one, and from whence it comes since it has been removed? -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4ca9829b.c971df0a.727a.47fc@mx.google.com">http://lists.debian.org/4ca9829b.c971df0a.727a.47fc@mx.google.com |
courier certificate regeneration.
On Mon, 04 Oct 2010 14:30:18 +0700, Sthu Deus wrote:
>> My Cyrus (pop3/imap server) login messages fall under >> "/var/log/syslog". You can grep that file for "pop". > > Well. In the file I see a connection info only - but no a word on > certificate expiration. > > Any ideas? - Why new certificate is removed by old one, and from whence > it comes since it has been removed? Make Courier to be more verbose on logging. This may help: http://www.courier-mta.org/authlib/README.authdebug.html BTW, what is the exact error message you are getting? Did you create the new certificate with updated data? Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: pan.2010.10.04.08.05.23@gmail.com">http://lists.debian.org/pan.2010.10.04.08.05.23@gmail.com |
courier certificate regeneration.
Thank You, Camaleón, again:
> BTW, what is the exact error message you are getting? Did you create > the new certificate with updated data? My mailer says that current certificate is expired - it gives me the finger prints and other certificate information as to: who signed, when, etc. Sorry, I didn't understand You last phrase: which updated data? - What I did is this: /bin/rm -f /etc/courier/pop3d.pem /usr/sbin/mkpop3dcert /etc/init.d/courier-pop-ssl restart Then I saw ne certificate at the mailer, day(s) latter - old is here again! -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4caa0e45.5396cc0a.7f8b.ffff946a@mx.google.com">htt p://lists.debian.org/4caa0e45.5396cc0a.7f8b.ffff946a@mx.google.com |
courier certificate regeneration.
On Tue, 05 Oct 2010 00:26:24 +0700, Sthu Deus wrote:
>> BTW, what is the exact error message you are getting? Did you create >> the new certificate with updated data? > > My mailer says that current certificate is expired - it gives me the > finger prints and other certificate information as to: who signed, when, > etc. Okay. But having the log file would help a lot :-) > Sorry, I didn't understand You last phrase: which updated data? - What I > did is this: > > /bin/rm -f /etc/courier/pop3d.pem > > /usr/sbin/mkpop3dcert > > /etc/init.d/courier-pop-ssl restart > > Then I saw ne certificate at the mailer, day(s) latter - old is here > again! I dunno for home-made SSL certificates but real ones needs you first input the correct data from a provided template. When it's time to renew the certificate, the Certificate Authority it auto-updates the expiration date and sends you the new *.crt file with the updated data. So, how does you "/etc/courier/pop3d.cnf" looks like? By reading the man page: http://www.courier-mta.org/mkpop3dcert.html It's like the certificate generation is feeding from that file :-? Also, check if you already have a "/usr/lib/courier/share/pop3d.pem" file. Greetings, -- Camaleón -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: pan.2010.10.04.19.38.32@gmail.com">http://lists.debian.org/pan.2010.10.04.19.38.32@gmail.com |
courier certificate regeneration.
Thank You for Your time and answer, Camaleón:
> Also, check if you already have a "/usr/lib/courier/share/pop3d.pem" > file. I have to apology before You, Camaleón, and whole the list - because of the noise - this thread. The deal was in my not sufficient attention that I paid to the problem, loading You w/ my questions and making troubles to myself. The problem was not in courier, but postfix - I just thought it was pop sessions complaining about certification - and that I have changed successfully - just as I have written before. Then occasionally I have noted that it was SMTP session that was notifying about a certificate expiration - then I went and did update that - now all is well. Once, again, please excuse me for the noise. Thanks Camaleón, for Your attention to my question. Let's close the thread. -- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: 4cac9a38.8848df0a.01f9.15a7@mx.google.com">http://lists.debian.org/4cac9a38.8848df0a.01f9.15a7@mx.google.com |
| All times are GMT. The time now is 09:55 PM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.