Howto Renew Your SSL Certificates

So my IMAP server certificate expired today … so I needed to renew it. I use self-signed certificates for services I run myself.

First you need your config file. If you don’t have this you will be prompted to do so. (the Ubuntu Wiki has a nice introduction)

[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no

[ req_dn ]
C=DE
ST=HB
L=Bremen
O=IMAP-Server
OU=Automatically-generated IMAP SSL key
CN=imap.your-domain.tld
emailAddress=postmaster@yourdomain.tld

[ cert_type ]
nsCertType = server

Then you generate the new certificate (expiring in 365 days) using the config file from above (imapd.cnf) and have it save it into imapd.pem.

openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config imapd.cnf -keyout imapd.pem -out imapd.pem

Restart your service.

If you need to check the new key’s fingerprint you can get it with the following command.

openssl x509 -in imapd.pem -fingerprint

Leave a Reply

Your email address will not be published. Required fields are marked *