Either concurrent with, or shortly after, upgrading to Hardy, the security system indicated that my ssh keys were generated by a version of ssh-keygen that had a broken random number generator and that I had to regenerate them. I did that and ssh is now fine.
However, when my Evolution e-mail client connects to the internal Dovecot POP3 (SSL) server running on top of Postfix, it gives the message below (in italics). This is probably because the snakeoil certificate /etc/ssl/certs/ssl-cert-snakeoil.pem was generated with the same broken random number generator and is therefore blacklisted. This raises two questions:
- How does one regenerate the snakeoil default ssl certificate?
- Are there any consequences of regenerating it that will have to be handled?
The easiest path would be to allow Evolution to accept the certificate. But who wants a default SSL certificate that doesn't provide security?
My version of Ubuntu is:
Linux CERTIBY1 2.6.24-16-generic #1 SMP Thu Apr 10 12:47:45 UTC 2008 x86_64 GNU/Linux
Thanks for any help.
SSL Certificate check for certiby1:
Issuer: E=root@CERTIBY1.LAHILLS.CERTIBY.COM,CN=CERTIBY1.LA HILLS.CERTIBY.COM,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX
Subject: E=root@CERTIBY1.LAHILLS.CERTIBY.COM,CN=CERTIBY1.LA HILLS.CERTIBY.COM,OU=Office for Complication of Otherwise Simple Affairs,O=OCOSA,L=Everywhere,ST=There is no such thing outside US,C=XX