SSL Certificate Warning

the same procedure as every year 🙂
The certificate for myserver will expire in 29 days

################# SSL Certificate Warning ################

Certificate for hostname 'centos.x.x', in file:
/etc/pki/tls/certs/localhost.crt

The certificate needs to be renewed; this can be done
using the 'genkey' program.

Browsers will not be able to correctly connect to this
web site using SSL until the certificate is renewed.

##########################################################

This means the SSL certificate has to be renewed.
It is uncomplicated and quite easy to do from the command line.

 

All examples refer to a CentOS release 6.5 (Final) installation!

1. Where are the files located?

[root@myserver ~]# grep SSLCertificate /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

 

2. File permissions
[root@myserver ~]# ls -la /etc/pki/tls/certs/localhost.crt
-rw-------. 1 root root 855 Oct 13 18:55 /etc/pki/tls/certs/localhost.crt
[root@myserver ~]# ls -la /etc/pki/tls/private/localhost.key
-rw-------. 1 root root 887 Oct 13 18:55 /etc/pki/tls/private/localhost.key

 

3. Creating the certificates and keys

[root@myserver ~]# cd /tmp

# Create a 1024-bit RSA private key (server.key) for encryption and signing.

[root@myserver ~]# openssl genrsa -out server.key 1024

# Generate a new "certificate signing request" (server.csr) with the new/existing private key server.key

[root@myserver ~]# openssl req -new -key server.key -out server.csr

# Write the RSA private key (server.key) out again as signingkey.key, the key used for signing in the next step

[root@myserver ~]# openssl rsa -in server.key -out signingkey.key

# Create the certificate (selfsigned_digicert.crt), valid for 365 days

[root@myserver ~]# openssl x509 -in server.csr -out selfsigned_digicert.crt -req -signkey signingkey.key -days 365

 

4. Set the file permissions

[root@myserver ~]# chmod 600 server.key
[root@myserver ~]# chmod 600 selfsigned_digicert.crt

 

5. Copy the files into the directories

[root@myserver ~]# cp server.key /etc/pki/tls/private/localhost.key

[root@myserver ~]# cp selfsigned_digicert.crt /etc/pki/tls/certs/localhost.crt

 

6. Restart the web server

[root@myserver ~]# service httpd restart
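
Steps 3 to 5 as a non-interactive shell function, added here as an example and not part of the original post: it works in a private temporary directory, checks that certificate and key belong together and that the certificate is valid long enough, and only then installs both with mode 600. The function names, the CN argument and the 300-day threshold are assumptions of this example; it uses a 2048-bit key with SHA-256 rather than the 1024-bit key above, because 1024-bit RSA is below the 2048-bit minimum in current NIST guidance.

```shell
#!/bin/bash
# Added example (not from the original post). Function names are made up here.

# True if the certificate and the private key carry the same RSA modulus.
cert_matches_key() {
    local c k
    c=$(openssl x509 -in "$1" -noout -modulus) || return 1
    k=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the certificate is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# renew_selfsigned <common-name> <cert-destination> <key-destination>
# Both destinations must be absolute paths.
renew_selfsigned() {
    local cn="$1" cert_dst="$2" key_dst="$3" work rc=0
    work=$(mktemp -d) || return 1      # private directory instead of bare /tmp
    (
        umask 077                      # key is never group/world-readable
        cd "$work" || exit 1
        # Assumption: 2048 bits and SHA-256 instead of the page's 1024 bits.
        openssl genrsa -out server.key 2048 2>/dev/null || exit 1
        openssl req -new -key server.key -subj "/CN=$cn" -out server.csr || exit 1
        openssl x509 -req -in server.csr -signkey server.key -sha256 \
            -days 365 -out server.crt || exit 1
        # Install only a pair that matches and is valid for at least 300 days.
        cert_matches_key server.crt server.key || exit 1
        cert_valid_for server.crt 300 || exit 1
        install -m 600 server.key "$key_dst" || exit 1
        install -m 600 server.crt "$cert_dst" || exit 1
    ) || rc=1
    rm -rf "$work"                     # leave no key copy behind
    return $rc
}

# Usage on the server from this page (as root), followed by step 6:
#   renew_selfsigned myserver /etc/pki/tls/certs/localhost.crt \
#       /etc/pki/tls/private/localhost.key && service httpd restart
```

Because the old files are only overwritten after both checks pass, a failed run leaves the currently installed certificate and key untouched.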

 

 

Contains information from:
http://www.stevejenkins.com/blog/2010/08/renewing-a-self-signed-ssl-certificate-on-fedoracentos/

https://support.pivotal.io/hc/en-us/articles/202653388-How-to-renew-an-expired-Apache-Web-Server-self-signed-certificate-using-openssl-tool

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-centos-6

