So my IMAP server certificate expired today … so I needed to renew it. I use self-signed certificates for services I run myself.
First you need your config file. If you don’t have this you will be prompted to do so. (the Ubuntu Wiki has a nice introduction)
[ req ] default_bits = 2048 encrypt_key = yes distinguished_name = req_dn x509_extensions = cert_type prompt = no [ req_dn ] C=DE ST=HB L=Bremen O=IMAP-Server OU=Automatically-generated IMAP SSL key CN=imap.your-domain.tld emailAddressfirstname.lastname@example.org [ cert_type ] nsCertType = server
Then you generate the new certificate (expiring in 365 days) using the config file from above (imapd.cnf) and have it save it into imapd.pem.
openssl req -x509 -days 365 -nodes -newkey rsa:2048 -config imapd.cnf -keyout imapd.pem -out imapd.pem
Restart your service.
If you need to check the new key’s fingerprint you can get it with the following command.
openssl x509 -in imapd.pem -fingerprint