Either concurent with, or shortly after, upgrading to Hardy, the security system indicated that my ssh keys were generated by a version ssh-keygen that had a broken random number generator and that I had to regenerate them. I did that and ssh is now fine.

However, when my Evolution e-mail client connects to the internal Dovcot POP3 (SSL) server running on top of Postfix, it gives the message below (in italics). This is probably because the snakeoil certificate /etc/ssl/certs/ssl-cert-snakeoil.pem was generated with the same broken random number generator is is therefore blacklisted. This raises two questions:

  1. How does one regenerate the snakeoil default ssl certificate?
  2. Are there any consequences of regenerating it that will have to be handled?

The easiest path would be to allow Evolution to accept the certificate. But who wants a default SSL certificate that doesn't provide security?

My version of Ubuntu is:
Linux CERTIBY1 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64 GNU/Linux
Thanks for any help.
David
SSL Certificate check for certiby1:

Issuer: E=root@CERTIBY1.LAHILLS.CERTIBY.COM,CN=CERTIBY1.LA HILLS.CERTIBY.COM,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX
Subject: E=root@CERTIBY1.LAHILLS.CERTIBY.COM,CN=CERTIBY1.LA HILLS.CERTIBY.COM,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX
Fingerprint: a3:e2:b7:8b:c6:cb:9e:86:3e:5e:c2:0b:85:bf:4d:44
Signature: BAD