[Dev] certificates have been renewed
Nicolás Reynolds
fauno at kiwwwi.com.ar
Thu Feb 21 16:40:56 GMT 2013
Michał Masłowski <mtjm at mtjm.eu> writes:
>> and reloaded nginx (on both servers) and prosody. is something else
>> using tls? if not, why not? :P
>
> postfix on repo should be.
have you restarted it?
>> ps: hitting "renew" on cacert doesn't work, we have to generate a new
>> csr using the host key.
>>
>> certtool -q --load-privkey=$host.key --outfile=$host.$today.csr
>
> Do we have a policy of replacing private keys?
i didn't replace them, but we have a key per host while we can have just
a parabola key (easier on configs?). what are you thinking?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20130221/e5f4a8cf/attachment.sig>
More information about the Dev
mailing list