For more info on the Debian security announcement see:
http://lists.debian.org/debian-security-announce/2008/msg00152.html
Server keys for this host have been updated - any SSH users may well need to remove the old ones from their .known_hosts file (or equivalent). This is just to let them know that the keys have changed, and intentionally so.
I was experiencing odd things integrating with Google Maps - although I have an API key for both http and https, only https was working.
It turns out that the Apache environment variable SERVER_PORT was always set to 443, irrespective of whether I was using http/80 or https/443 from the client.
There are several reasons you may need to add a self-signed HTTPS SSL certificate to your local Java keystore.
For me - it's so that Maven can access DAV shares for repository deployment.
Cargo-culted directly from the Exim site.
openssl req -x509 -newkey rsa:1024 -keyout /etc/exim4/exim.key -out /etc/exim4/exim.crt -days 9999 -nodes
The really important bit is that the common name (CN) field must be the server name (at least so it seems to be for me).
Don't forget - if your pop3 and imap certificates also expire at the same time, renew them too.
Mail.app wouldn't stop asking about the certificates.
So:
Bingo! Well - works4me at least.
I was using courier-imap and courier-pop until today. I've just installed the -ssl versions of both.
At install they both create a certificate for localhost based in New York. This doesn't work unless it really is localhost.
In /etc/courier there are imapd.pem, imapd.cnf, pop3d.pem and pop3d.cnf.
I left the non-ssl IMAP running but only for 127.0.0.1 for squirrel.
There are two kinds of certificates available - self-certified (free - but people will have to either accept the certificate or manually install it) or paid for (you buy it from a Certificate Authority and as long as that CA is a common one then it will just work in most browsers).
First you will need a private key:
cd /etc/ssl
openssl genrsa -des3 -out private/your.domain.tld.key 2048
Drop the -des3 if you don't want a password (this will allow auto-startup of apache - but is much much less secure). Note - if you are going to purchase a certificate - check how many bits the provider wants you to use.
Just a note to self - to generate a new certificate:
openssl req -new -key /etc/ssl/private/keyfile -x509 -days nnn -out /etc/apache2/ssl/certfile
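The notes above mention three ways a mail or web certificate goes wrong: the CN is not the server name (the courier default of localhost), the certificate is paired with the wrong key, or it is about to expire along with its siblings. The following shell functions are an added example, not code from the original posts, that create a throw-away self-signed certificate and check all three conditions; the function names and the example.org hostnames are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Works only in a directory you pass in; nothing under /etc is touched.
# Hostnames such as mail.example.org are constructed placeholders.

# make_selfsigned HOST DIR DAYS: unencrypted key plus self-signed cert with CN=HOST.
# 2048-bit RSA as in the genrsa step (1024-bit RSA is no longer considered adequate).
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null
    chmod 600 "$2/$1.key"
}

# cert_cn CERT: print the subject common name of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# key_matches_cert KEY CERT: succeed when key and certificate carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# expires_within CERT DAYS: succeed when the certificate expires within DAYS days.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# check_cert CERT KEY HOST DAYS: print a one-word verdict, non-zero status on failure.
check_cert() {
    [ "$(cert_cn "$1")" = "$3" ] || { echo "CN mismatch"; return 1; }
    key_matches_cert "$2" "$1"   || { echo "key mismatch"; return 1; }
    expires_within "$1" "$4"     && { echo "expiring"; return 1; }
    echo "ok"
}
```

To audit an installed pair, call for example check_cert /etc/exim4/exim.crt /etc/exim4/exim.key "$(hostname -f)" 30 and repeat for each daemon's certificate.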