[Dev] certificates have been renewed

Nicolás Reynolds fauno at kiwwwi.com.ar
Thu Feb 21 16:40:56 GMT 2013

Michał Masłowski <mtjm at mtjm.eu> writes:

>> and reloaded nginx (on both servers) and prosody.  is something else
>> using tls?  if not, why not? :P
> postfix on repo should be.

have you restarted it?

>> ps: hitting "renew" on cacert doesn't work, we have to generate a new
>> csr using the host key.
>>   certtool -q --load-privkey=$host.key --outfile=$host.$today.csr
> Do we have a policy of replacing private keys?

i didn't replace them, but we have a key per host while we can have just
a parabola key (easier on configs?).  what are you thinking?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20130221/e5f4a8cf/attachment.sig>

More information about the Dev mailing list