LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-07-2019, 08:14 AM   #1
Latitude
Member
 
Registered: Mar 2009
Posts: 65

Rep: Reputation: 16
What to do with old/expired SSL Cert(s)?


What is a good practice of how to deal with old/expired SSL certs and private keys? Is it safe to delete them or should they be moved to an archive directory for any reason? I recently updated the SSL certificate for our organization's web site which was recently verified and signed by the CA. I've updated the certificate by changing the SSL configuration file /etc/httpd/conf.d/ssl.conf to point to the new certificate file, and restarting httpd. I left the old file there but I don't want to leave the old cert there if it shouldn't be. I no longer see a reason to keep the old certificate and would like to know how handle this in the wild. Thanks guys!
 
Old 06-07-2019, 09:04 AM   #2
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 13,070

Rep: Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132Reputation: 4132
actually I can't find any reason to keep it. But probably someone knows...
 
Old 06-09-2019, 06:32 PM   #3
RickDeckard
Member
 
Registered: Jan 2014
Location: Acworth, Georgia, USA
Distribution: Arch Hardened, Ubuntu 18.04, Fedora 30
Posts: 160

Rep: Reputation: Disabled
Add them to your CRL. You do have one of those, don't you?
 
  


Reply

Tags
red hat, ssl


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
expired cert catiewong Linux - Security 18 03-12-2019 07:51 AM
how to configure Apache with one SSL cert for primary domain, another wildcard cert for subdomains? sneakyimp Linux - Server 5 05-08-2018 12:36 AM
concat server SSL cert and chain cert LYC Linux - Newbie 2 07-20-2015 07:08 AM
OpenSSL / Sendmail verifies both "TLS cert" and "x509 cert" in client mode, why? fast-reflexes Linux - Server 0 09-12-2010 11:32 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:13 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration