how to renew certificates
Gud day to all
Yesterday I check my logs at my mail admin account and got this warning message: Certificate for hostname 'mail.com.ph', in file: /etc/httpd/conf/ssl.crt/server.crt The certificate needs to be renewed; this can be done using the 'genkey' program. Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed. And now when I try to open my mail account I got this message. "mail.com.ph" is a site that uses a security certificate to encrypt data during transmission, but its certificate expired on 4/3/2008 2:09 PM. You should check to make sure that your computer's time (currently set to Friday, April 04, 2008 8:24:04 AM)is correct. I'm using CentOS 4. I google it and find a site like the one below (just scroll until u find a topic about How to Renew Certificates) http://www.gtlib.cc.gatech.edu/pub/l...tes-HOWTO.html is that the correct procedure to my problem, my server is up and running and if I did one mistake just because of renewing certificates will be a great pain and headache to me,coz I'm still studying Linux.. as of now could anyone help me fix this problem.. Any help will be highly appreciated.. |
Have you tried to use genkey program to update the key?
|
Moved: This thread is more suitable in Linux-Server and has been moved accordingly to help your thread/question get the exposure it deserves.
The procedure in section 2.5.3 of SSL Certificates HOWTO is correct for your case. If you're afrid, however, copy the configuration file /etc/httpd/conf/ssl.crt/server.crt and probably the whole /etc/httpd/conf/ssl.crt to a safe place or even a different machine and try this first in that place. Then, after you see the results, do the same on the production system. Of course, you'll need to change the path given in the command. |
how to renew certificates
thanks all for the reply
I have 1 last question..I know it sounds odd but forgive me I'm kinda new to this linux, on this link: http://www.gtlib.cc.gatech.edu/pub/l...tes-HOWTO.html just scroll down to renew certificates again, where can I found index.txt as stated on the above link To find the old certificate, look in the index.txt file for the Distinguished Name (DN) corresponding to the request. Get the serial Number <xx>, and use the file cert/<xx>.pem as certificate for the revocation procedure. as of Samotnik reply i try to use genkey: make genkey and enter passphrase but when I replace the server.crt and server.key then restart service httpd restart it fails to start.. Thanks again Best regards |
What error message does it give you?
|
how to renew certificates
My apologies for the late reply again Mara
it's says something like this "No Virtual Hosts found" |
solve it how to renew certificates
solved it...
this are the steps: make a backup of your /etc/httpd/conf 1.service httpd stop 2.cd to /etc/httpd/conf 3.make test.pem answer some of the questions intended for your certificates 4.cat test.pem > ssl.crt/server.crt 5.cat test.pem > ssl.key/server.key 6.service httpd start If something happens you can revert your old conf then try again.. Thanks for all the help... Best Regards.. |
All times are GMT -5. The time now is 03:12 PM. |