SSL Certificate Warning
(2014-01-20)
Problem
Email:
################# SSL Certificate Warning ################
Certificate for hostname 'computer.domain', in file (or by nickname):
/etc/pki/tls/certs/localhost.crt
The certificate needs to be renewed; this can be done
using the 'genkey' program.
Browsers will not be able to correctly connect to this
web site using SSL until the certificate is renewed.
##########################################################
Generated by certwatch(1)
Solution
Run these commands and fill out the prompts accordingly (or leave them blank to accept the defaults):
# openssl genrsa -out server.key 2048
# openssl req -new -key server.key -out server.csr
# openssl rsa -in server.key -out signingkey.key
# openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 3650
# chmod 600 server.key
# chmod 600 selfsigned_digicert.crt
# cp server.key /etc/pki/tls/private/localhost.key
# cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt
Commentary
If you ignore this message and let the cert expire, nothing bad will happen immediately (presuming, of course, that your users are already ignoring the "warnings" about the self-signed cert or you are not using SSL at all). However, the next time httpd is bounced (manually, by a yum update, or by a system reboot), httpd won't start, and the error message it gives you will be obscure.
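Because the failure only shows up when httpd is next restarted, it helps to check the installed certificate and key before bouncing the service. The following is an added example, not part of the original note: the function name precheck_cert, its return codes and the 30-day default window are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check a renewed cert/key pair
# before restarting httpd. The 30-day default window is an assumption.

# precheck_cert CERT KEY [DAYS]
# Returns 0 if the pair is usable, 1 if CERT expires within DAYS days,
# 2 if KEY does not belong to CERT, 3 if either file cannot be parsed.
precheck_cert() {
    cert=$1 key=$2 days=${3:-30}

    # Public key embedded in the certificate, and the one derived from the
    # private key; both are printed as PEM SubjectPublicKeyInfo.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 3
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 3

    # A mismatched pair is caught here rather than at httpd startup.
    [ "$cert_pub" = "$key_pub" ] || return 2

    # -checkend exits non-zero if notAfter falls within the next N seconds
    # (an already expired certificate also fails this check).
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) \
        >/dev/null 2>&1 || return 1
    return 0
}

# When run as a script with arguments, check the given pair, e.g.:
#   sh precheck.sh /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key
if [ "$#" -ge 2 ]; then
    precheck_cert "$@"
    exit $?
fi
```

A non-zero result means the pair should be fixed before httpd is restarted.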