For When You Can't Have The Real Thing
[ start | index | login ]
start > CentOS > 7 > SSL Certificate Warning

SSL Certificate Warning

Created by dave. Last edited by dave, 30 days ago. Viewed 89 times. #3
[diff] [history] [edit] [rdf]
labels
attachments
(2014-01-20)

Problem

Email:

################# SSL Certificate Warning ################

Certificate for hostname 'computer.domain', in file (or by nickname): /etc/pki/tls/certs/localhost.crt

The certificate needs to be renewed; this can be done using the 'genkey' program.

Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed.

########################################################## Generated by certwatch(1)

Solution

Run these commands and fill out the prompts accordingly (or let the defaults blank):

# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /etc/pki/tls/certs/server.crt -keyout /etc/pki/tls/private/server.key
# chmod 600 /etc/pki/tls/certs/server.crt
# chmod 600 /etc/pki/tls/private/server.key
# systemctl restart httpd

Commentary

If you ignore this message, and let the cert expire, nothing bad will happen immediately (presuming of course your users are already ignoring the "warnings" about the self-signed cert or you are not using SSL at all). However the next time httpd is bounced (manually, yum updates, or a system reboot) httpd won't start and the error message it gives you will be obscure.

no comments | post comment
This is a collection of techical information, much of it learned the hard way. Consider it a lab book or a /info directory. I doubt much of it will be of use to anyone else.

Useful:


snipsnap.org | Copyright 2000-2002 Matthias L. Jugel and Stephan J. Schmidt