Koozali.org: home of the SME Server

certificate regenerated after upgrade to 7.1.3

bunkobugsy
« on: March 25, 2007, 05:38:15 PM »
Quoting from http://bugs.contribs.org/show_bug.cgi?id=1689:
----------------------------------
Since upgrading 7.1.2 to 7.1.3 my cert regenerated, and .crt and .pem became 12 bytes shorter (interestingly .key did not change), and also I did not get any mail about certificate being changed.
After falling for http://forums.contribs.org/index.php?topic=31879.0 I've been able to just copy back these 2 files and post-upgrade... to restore them, but can't do it anymore, it just gets regenerated.
They are still valid (till 2008 january), and I just can't believe I have to go by each workstation and manually reimport our self-signed certificates.
I tried to change the CommonName thingie, but after expanding the modSSL test gave the exact same CN.
...
Also, our domain is 'www.domain.ro', but sme is installed in our main location, which is also the MX named, 'nv.domain.ro'.
The server name is 'nv' and the domain is set to 'domain.ro', so FQDN is 'nv.domain.ro' (I think).
...
Ok, figured it out for myself, admin email in cert changed to 'admin@domain.ro'
Even though you set things right I chose to revert this fix (temporarily, till next year), because I'm lazy and don't want to reinstall certs - see post #32.
What I did is reverted > my $email = "admin\@$DomainName"; to "admin\@$FQDN".
This way the cert doesn't get regenerated till it expires (or another upgrade, when I will have to undo it again). This way my cert shows 'admin@nv.domain.ro' once again, which is wrong of course, but I can live with that for 9 more months.
THIS reminds me that every single mail delivery failure notice that the server sends out quotes the invalid recipients in form of 'username@nv.domain.ro', when it should be 'username@domain.ro'.
Any ideas? Have I set up something wrong (server='nv' and domain='domain.ro') or is this another bug? Shouldn't qmail use $DomainName instead of $FQDN ???
It would be also nice to have an optional db KEYLIFEINDAYS variable, so that keys can be generated for more than 1 year.
---------------------------
Any ideas on this, did this happen to anybody else or am I the only one?
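
The situation described in the post above (the .key unchanged while the .crt was reissued with a different admin e-mail address) can be checked with openssl: any reissued certificate gets a new fingerprint even when the key is reused, which is why workstations that imported the old self-signed certificate stop trusting the server. This is an added example, not part of the original post and not SME Server code; the file names and function names are constructed, and the host name and addresses are the ones quoted in the post.

```shell
#!/bin/sh
# Added example, not SME Server code. File and function names are constructed.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed certificate for an existing key, with a chosen e-mail address.
make_cert() {  # $1 = key file, $2 = e-mail address, $3 = output certificate
    openssl req -new -x509 -key "$1" -days 365 -out "$3" \
        -subj "/CN=nv.domain.ro/emailAddress=$2" 2>/dev/null
}

# E-mail address embedded in the certificate.
cert_email() { openssl x509 -in "$1" -noout -email; }

# SHA-256 fingerprint of the whole certificate: what a workstation that
# imported the self-signed certificate actually trusts.
cert_fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# SHA-256 of the public key alone: constant while the same .key is reused.
spki_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Compare a certificate saved before an upgrade with the one in place after it.
compare_certs() {  # $1 = old certificate, $2 = new certificate
    if [ "$(spki_fp "$1")" = "$(spki_fp "$2")" ]; then key=same; else key=changed; fi
    if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then cert=same; else cert=changed; fi
    echo "key=$key cert=$cert"
}

# Constructed sample: one key, certificates issued with the old and new e-mail.
openssl genrsa -out "$WORK/server.key" 2048 2>/dev/null
make_cert "$WORK/server.key" "admin@nv.domain.ro" "$WORK/old.crt"
make_cert "$WORK/server.key" "admin@domain.ro"    "$WORK/new.crt"

echo "old: $(cert_email "$WORK/old.crt")"
echo "new: $(cert_email "$WORK/new.crt")"
compare_certs "$WORK/old.crt" "$WORK/new.crt"
```

Running `compare_certs` against a copy of the certificate saved before an upgrade shows at once whether clients will need to re-import it.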

kingjm
ssl certs
« Reply #1 on: April 17, 2007, 05:18:28 PM »
I am pointing you to another post where some certs have been reworked in the past. I have used the method in the other post and am now having the same problem.
http://forums.contribs.org/index.php?topic=34624.0