how to renew certificates

Rainel · 04-03-2008, 09:06 PM

Gud day to all

Yesterday I check my logs at my mail admin account and got this warning message:

Certificate for hostname 'mail.com.ph', in file:
/etc/httpd/conf/ssl.crt/server.crt

The certificate needs to be renewed; this can be done
using the 'genkey' program.

Browsers will not be able to correctly connect to this
web site using SSL until the certificate is renewed.

And now when I try to open my mail account I got this message.

"mail.com.ph" is a site that uses a security certificate to encrypt data during transmission, but its certificate expired on 4/3/2008 2:09 PM.

You should check to make sure that your computer's time (currently set to Friday, April 04, 2008 8:24:04 AM)is correct.

I'm using CentOS 4.
I google it and find a site like the one below
(just scroll until u find a topic about How to Renew Certificates)

http://www.gtlib.cc.gatech.edu/pub/l...tes-HOWTO.html

is that the correct procedure to my problem, my server is up and running
and if I did one mistake just because of renewing certificates will be a great pain and headache to me,coz I'm still studying Linux..
as of now could anyone help me fix this problem..

Any help will be highly appreciated..

Samotnik · 04-04-2008, 04:17 PM

Have you tried to use genkey program to update the key?

Mara · 04-06-2008, 01:16 PM

Moved: This thread is more suitable in Linux-Server and has been moved accordingly to help your thread/question get the exposure it deserves.

The procedure in section 2.5.3 of SSL Certificates HOWTO is correct for your case. If you're afrid, however, copy the configuration file /etc/httpd/conf/ssl.crt/server.crt and probably the whole /etc/httpd/conf/ssl.crt to a safe place or even a different machine and try this first in that place. Then, after you see the results, do the same on the production system. Of course, you'll need to change the path given in the command.

Rainel · 04-07-2008, 08:02 PM

thanks all for the reply

I have 1 last question..I know it sounds odd but forgive me I'm kinda new to this linux, on this link:

http://www.gtlib.cc.gatech.edu/pub/l...tes-HOWTO.html

just scroll down to renew certificates again, where can I found index.txt
as stated on the above link

To find the old certificate, look in the index.txt file for the Distinguished Name (DN) corresponding to the request. Get the serial Number <xx>, and use the file cert/<xx>.pem as certificate for the revocation procedure.

as of Samotnik reply i try to use genkey: make genkey and enter passphrase but when I replace the server.crt and server.key then restart service httpd restart it fails to start..

Thanks again

Best regards

Mara · 04-10-2008, 03:05 PM

What error message does it give you?

Rainel · 04-10-2008, 08:31 PM

My apologies for the late reply again Mara
it's says something like this "No Virtual Hosts found"

Rainel · 04-15-2008, 08:31 PM

solved it...

this are the steps:

make a backup of your /etc/httpd/conf

1.service httpd stop
2.cd to /etc/httpd/conf
3.make test.pem

answer some of the questions intended for your certificates

4.cat test.pem > ssl.crt/server.crt
5.cat test.pem > ssl.key/server.key
6.service httpd start

If something happens you can revert your old conf then try again..

Thanks for all the help...

Best Regards..