So my IMAP server certificate expired today … so I needed to renew it. I use self-signed certificates for services I run myself.
First you need your config file. If you don’t have this you will be prompted to do so. (the Ubuntu Wiki has a nice introduction)
[ req ]
default_bits = 2048
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
[ req_dn ]
OU=Automatically-generated IMAP SSL key
[ cert_type ]
nsCertType = server
Then you generate the new certificate (expiring in 365 days) using the config file from above (imapd.cnf) and have it save it into imapd.pem.
openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config imapd.cnf -keyout imapd.pem -out imapd.pem
Restart your service.
If you need to check the new key’s fingerprint you can get it with the following command.
openssl x509 -in imapd.pem -fingerprint