
SSL Certificate Warning

(2014-01-20)

Problem

Email:

################# SSL Certificate Warning ################

  Certificate for hostname 'computer.domain', in file (or by nickname):
     /etc/pki/tls/certs/localhost.crt

  The certificate needs to be renewed; this can be done
  using the 'genkey' program.

  Browsers will not be able to correctly connect to this
  web site using SSL until the certificate is renewed.

 ##########################################################
                                  Generated by certwatch(1)

Solution

Run these commands and fill out the prompts accordingly (or leave the defaults blank):

# openssl genrsa -out server.key 2048
# openssl req -new -key server.key -out server.csr
# openssl rsa -in server.key -out signingkey.key
# openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 3650
# chmod 600 server.key
# chmod 600 selfsigned_digicert.crt
# cp server.key /etc/pki/tls/private/localhost.key
# cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt
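
A check to run on the replaced files before httpd is next restarted, as an added example that is not part of the original post: it confirms that the private key matches the certificate, that the certificate is not about to expire, and that the key is large enough. The function names and the 30-day and 2048-bit defaults are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before restarting httpd.
# Function names and default thresholds are illustrative assumptions.

# cert_key_match CERT KEY: succeed only if KEY is the private key for CERT.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT DAYS: succeed if CERT is still valid DAYS days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# cert_key_bits CERT: print the public key size in bits.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'
}

# check_pair CERT KEY [MIN_DAYS] [MIN_BITS]: run all three checks.
check_pair() {
    cert=$1; key=$2; min_days=${3:-30}; min_bits=${4:-2048}
    cert_key_match "$cert" "$key" ||
        { echo "FAIL: key does not match certificate (or a file is unreadable)"; return 1; }
    cert_valid_for "$cert" "$min_days" ||
        { echo "FAIL: certificate expires within $min_days days"; return 1; }
    bits=$(cert_key_bits "$cert")
    [ "${bits:-0}" -ge "$min_bits" ] ||
        { echo "FAIL: ${bits:-unknown}-bit key, want at least $min_bits"; return 1; }
    echo "OK: key matches, $bits-bit key, valid for more than $min_days days"
}

# Usage: sh check_pair.sh /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key
if [ "$#" -ge 2 ]; then
    check_pair "$@"
fi
```

A mismatched key and certificate is one of the cases where httpd refuses to start, so a FAIL here is worth resolving before the next restart.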

Commentary

If you ignore this message and let the cert expire, nothing bad will happen immediately (presuming, of course, that your users are already ignoring the "warnings" about the self-signed cert or you are not using SSL at all). However, the next time httpd is bounced (manually, by yum updates, or by a system reboot), httpd won't start, and the error message it gives you will be obscure.