Posted on by Daniel Mettler

New SSL/TLS certificates for numlock.ch

There are new SSL/TLs certificates for numlock.ch, valid through July 23, 2015:

SSL/TLS server certificates

Please delete the old certificates and import the new ones. Thank you.

For those who are interested in how to create TLS/SSL certificates for Gentoo, take a look at the Virtual Mailhosting System with Postfix Guide. In order to extend the validity of the certificates to 10 years, you need to edit a couple of files:

in /usr/sbin/mkimapdcert, replace

/usr/bin/openssl req -new -x509 -days 365 -nodes \

with

/usr/bin/openssl req -new -x509 -days 3650 -nodes \

in /etc/ssl/openssl.cnf, set

default_days = 3650 # how long to certify for

(note that strangely, the default settings in /etc/ssl/openssl.cnf override the custom settings in /etc/ssl/misc/CA.pl)

Leave a Reply

Your email address will not be published. Required fields are marked *

9 × = 72

This site uses Akismet to reduce spam. Learn how your comment data is processed.