lighttpd + ssl: can't seem to update my server-side certificates
Hi all,
I have a webserver running lighttpd. At one point, SSL was working fine, but the server-side certificates issued by CA-cert have expired, and I am having trouble updating them. First, I created a new .csr key: Code:
openssl req -nodes -new -keyout venus.key -out venus.csr To create the pem file, I ran: Code:
cat venus.key venus.crt > venus.pem Code:
-rw-r--r-- 1 root colin 1522 Sep 17 18:37 venus.crt However, when I try to acess my server via https, it keeps returning an error message: Quote:
For the sake of completeness, here are the relevents snippets from lighttpd.conf: Code:
$SERVER["socket"] == ":443" { Thanks. |
Quote:
|
what I would do:
from the client try (assuming 'venus' is your server name) Code:
wget --no-check-certificate --save-headers https://venus/ -O tmp.html to view the certificate that lighttpd is offering: Code:
openssl s_client -showcerts -connect venus:443 if you can verify that it is in fact the old cert, and that lighttpd is in fact the service offering the certificate, then yes, lighttpd is reading the cert from another location. if you're stumped about where that other cert is located then try running lighttpd in the foreground (not as daemon) with strace Code:
sudo strace lighttpd <debug options> 2> lighttpd.strace |
Quote:
|
Thanks everyone for the suggestions.
I solved the problem: for some reason, the way I was restarting lighttpd wasn't causing it to reload its settings. When I killed it to run it was strace, then restarted it, it read the new certificate correctly. At the moment, I can't alas duplicate what I had been going wrong. |
All times are GMT -5. The time now is 08:23 PM. |