For When You Can't Have The Real Thing
[ start | index | login ]
start > CentOS > 5 > SSL Certificate Warning

SSL Certificate Warning

Created by dave. Last edited by dave, 2 years and 171 days ago. Viewed 1,486 times. #4
[diff] [history] [edit] [rdf]
labels
attachments
(2014-01-20)

Problem

Email:

################# SSL Certificate Warning ################

Certificate for hostname 'computer.domain', in file (or by nickname): /etc/pki/tls/certs/localhost.crt

The certificate needs to be renewed; this can be done using the 'genkey' program.

Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed.

########################################################## Generated by certwatch(1)

Solution

Run these commands and fill out the prompts accordingly (or let the defaults blank):

# openssl genrsa -out server.key 1024
# openssl req -new -key server.key -out server.csr
# openssl rsa -in server.key -out signingkey.key
# openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 3650
# chmod 600 server.key
# chmod 600 selfsigned_digicert.crt
# cp server.key /etc/pki/tls/private/localhost.key
# cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt

Commentary

If you ignore this message, and let the cert expire, nothing bad will happen immediately (presuming of course your users are already ignoring the "warnings" about the self-signed cert or you are not using SSL at all). However the next time httpd is bounced (manually, yum updates, or a system reboot) httpd won't start and the error message it gives you will be obscure.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt