Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   courier certificate regeneration. (http://www.linux-archive.org/debian-user/433166-courier-certificate-regeneration.html)

Sthu Deus 09-29-2010 09:09 AM

courier certificate regeneration.
 
Good day.

I have troubles w/ new certificates generated for courier pop server
after the old ones have expired.

That's what I did:

/bin/rm -f /etc/courier/imapd.pem
/bin/rm -f /etc/courier/pop3d.pem

/usr/sbin/mkimapdcert
/usr/sbin/mkpop3dcert

/etc/init.d/courier-authdaemon restart
/etc/init.d/courier-pop restart
/etc/init.d/courier-pop-ssl restart
/etc/init.d/courier-imap restart
/etc/init.d/courier-imap-ssl restart

Then, at the immediate connection to pop server I have seen the newly
generated certificate. While next day, I again see the old one that is
of course, already outdated.

So, how I can fix it, or what do I do wrong here?


Thank You for Your time.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4ca30266.191cdf0a.6b2b.ffffbb86@mx.google.com">htt p://lists.debian.org/4ca30266.191cdf0a.6b2b.ffffbb86@mx.google.com

Camaleón 09-29-2010 04:13 PM

courier certificate regeneration.
 
On Wed, 29 Sep 2010 16:09:51 +0700, Sthu Deus wrote:

> I have troubles w/ new certificates generated for courier pop server
> after the old ones have expired.

(...)

> Then, at the immediate connection to pop server I have seen the newly
> generated certificate. While next day, I again see the old one that is
> of course, already outdated.
>
> So, how I can fix it, or what do I do wrong here?

I would check Courier logs to gather further information on the error :-?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.09.29.16.13.46@gmail.com">http://lists.debian.org/pan.2010.09.29.16.13.46@gmail.com

Sthu Deus 10-01-2010 07:18 AM

courier certificate regeneration.
 
Thank You for Your time and answer, Camaleón:

> I would check Courier logs to gather further information on the
> error :-?

Do You know where it is? - There is no /var/log/courier dir. nor file,

grepping for word courier of /var/log/messages gave me nothing (it is

too big to view it in a editor). grepping for log in /etc/courier gave
me too no idea.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4ca58b5a.8a75df0a.0632.12ac@mx.google.com">http://lists.debian.org/4ca58b5a.8a75df0a.0632.12ac@mx.google.com

Camaleón 10-01-2010 07:44 AM

courier certificate regeneration.
 
On Fri, 01 Oct 2010 14:18:40 +0700, Sthu Deus wrote:

> Thank You for Your time and answer, Camaleón:
>
>> I would check Courier logs to gather further information on the error
>> :-?
>
> Do You know where it is? - There is no /var/log/courier dir. nor file,
>
> grepping for word courier of /var/log/messages gave me nothing (it is
>
> too big to view it in a editor). grepping for log in /etc/courier gave
> me too no idea.

My Cyrus (pop3/imap server) login messages fall under "/var/log/syslog".
You can grep that file for "pop".

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.10.01.07.44.51@gmail.com">http://lists.debian.org/pan.2010.10.01.07.44.51@gmail.com

Sthu Deus 10-04-2010 07:30 AM

courier certificate regeneration.
 
Thank You for Your time and answer, Camaleón:

> My Cyrus (pop3/imap server) login messages fall under
> "/var/log/syslog". You can grep that file for "pop".

Well. In the file I see a connection info only - but no a word on
certificate expiration.

Any ideas? - Why new certificate is removed by old one, and from whence
it comes since it has been removed?


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4ca9829b.c971df0a.727a.47fc@mx.google.com">http://lists.debian.org/4ca9829b.c971df0a.727a.47fc@mx.google.com

Camaleón 10-04-2010 08:05 AM

courier certificate regeneration.
 
On Mon, 04 Oct 2010 14:30:18 +0700, Sthu Deus wrote:

>> My Cyrus (pop3/imap server) login messages fall under
>> "/var/log/syslog". You can grep that file for "pop".
>
> Well. In the file I see a connection info only - but no a word on
> certificate expiration.
>
> Any ideas? - Why new certificate is removed by old one, and from whence
> it comes since it has been removed?

Make Courier to be more verbose on logging. This may help:

http://www.courier-mta.org/authlib/README.authdebug.html

BTW, what is the exact error message you are getting? Did you create the
new certificate with updated data?

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.10.04.08.05.23@gmail.com">http://lists.debian.org/pan.2010.10.04.08.05.23@gmail.com

Sthu Deus 10-04-2010 05:26 PM

courier certificate regeneration.
 
Thank You, Camaleón, again:

> BTW, what is the exact error message you are getting? Did you create
> the new certificate with updated data?

My mailer says that current certificate is expired - it gives me the
finger prints and other certificate information as to: who signed,
when, etc.

Sorry, I didn't understand You last phrase: which updated data? - What
I did is this:

/bin/rm -f /etc/courier/pop3d.pem

/usr/sbin/mkpop3dcert

/etc/init.d/courier-pop-ssl restart

Then I saw ne certificate at the mailer, day(s) latter - old is here
again!


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4caa0e45.5396cc0a.7f8b.ffff946a@mx.google.com">htt p://lists.debian.org/4caa0e45.5396cc0a.7f8b.ffff946a@mx.google.com

Camaleón 10-04-2010 07:38 PM

courier certificate regeneration.
 
On Tue, 05 Oct 2010 00:26:24 +0700, Sthu Deus wrote:

>> BTW, what is the exact error message you are getting? Did you create
>> the new certificate with updated data?
>
> My mailer says that current certificate is expired - it gives me the
> finger prints and other certificate information as to: who signed, when,
> etc.

Okay. But having the log file would help a lot :-)

> Sorry, I didn't understand You last phrase: which updated data? - What I
> did is this:
>
> /bin/rm -f /etc/courier/pop3d.pem
>
> /usr/sbin/mkpop3dcert
>
> /etc/init.d/courier-pop-ssl restart
>
> Then I saw ne certificate at the mailer, day(s) latter - old is here
> again!

I dunno for home-made SSL certificates but real ones needs you first
input the correct data from a provided template. When it's time to renew
the certificate, the Certificate Authority it auto-updates the expiration
date and sends you the new *.crt file with the updated data.

So, how does you "/etc/courier/pop3d.cnf" looks like?

By reading the man page:

http://www.courier-mta.org/mkpop3dcert.html

It's like the certificate generation is feeding from that file :-?

Also, check if you already have a "/usr/lib/courier/share/pop3d.pem"
file.

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.10.04.19.38.32@gmail.com">http://lists.debian.org/pan.2010.10.04.19.38.32@gmail.com

Sthu Deus 10-06-2010 03:48 PM

courier certificate regeneration.
 
Thank You for Your time and answer, Camaleón:

> Also, check if you already have a "/usr/lib/courier/share/pop3d.pem"
> file.

I have to apology before You, Camaleón, and whole the list - because
of the noise - this thread.

The deal was in my not sufficient attention that I paid to the
problem, loading You w/ my questions and making troubles to myself.

The problem was not in courier, but postfix - I just thought it was
pop sessions complaining about certification - and that I have changed
successfully - just as I have written before. Then occasionally I have
noted that it was SMTP session that was notifying about a certificate
expiration - then I went and did update that - now all is well.

Once, again, please excuse me for the noise.
Thanks Camaleón, for Your attention to my question.

Let's close the thread.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4cac9a38.8848df0a.01f9.15a7@mx.google.com">http://lists.debian.org/4cac9a38.8848df0a.01f9.15a7@mx.google.com


All times are GMT. The time now is 01:11 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.