One of our servers running Fedora 16 started sending the following message to root in an email:

################# SSL Certificate Warning ################

Certificate for hostname 'server11.<servername>.com', in file (or by nickname):         /etc/pki/tls/certs/localhost.crt

The certificate needs to be renewed; this can be done using the 'genkey' program.

Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed.

##########################################################
Generated by certwatch(1)

Because it is a self-signed cert, you really cannot use genkey to renew, so I tried issuing a new self-signed cert with:

grep SSLCertificate /etc/httpd/conf.d/ssl.conf

and grabbed the location of the certs

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Then I checked the permissions of these files with

la /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key

Then I created the cert with

openssl req -new -days 365 -x509 -nodes -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key

When prompted I entered

Generating a 2048 bit RSA private key
..........................................+++
.................+++
writing new private key to '/etc/pki/tls/private/localhost.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:<MyState>
Locality Name (eg, city) [Default City]:<MyCity>
Organization Name (eg, company) [Default Company Ltd]:<MyCompany>
Organizational Unit Name (eg, section) []:<MyDepartment>
Common Name (eg, your name or your server's hostname) []:server11.<servername>.com
Email Address []:<Admin Email>

I then checked the files again with

la /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key

All looked OK and the new files were there with the right permissions. So all seemed to work out fine, but I'm still receiving the cert expiration warning. What am I missing?

asked 02 Oct '12, 11:09

Patrick Nelson
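
One way to confirm what regenerated files like these contain, as an added example that is not part of the original post: it repeats the openssl req options from the question with -subj in place of the prompts, then checks the expiry window and that the key belongs to the certificate. The function names, the scratch directory, the 30-day threshold and the hostname server11.example.com are assumptions.

```bash
#!/usr/bin/env bash
# Added example. Function names, the scratch directory, the 30-day threshold and
# server11.example.com are assumptions; nothing under /etc/pki/tls is touched.

# Issue a self-signed cert with the same options as the post, using -subj
# instead of the interactive Distinguished Name prompts.
issue_selfsigned() {  # args: cert key common-name days
    openssl req -new -days "$4" -x509 -nodes -subj "/C=US/CN=$3" \
        -out "$1" -keyout "$2" 2>/dev/null && chmod 600 "$2"
}

# Succeed only if the certificate is still valid N days from now.
valid_for_days() {  # args: cert days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeed only if the private key belongs to the certificate, by comparing
# the public key embedded in each file.
key_matches_cert() {  # args: cert key
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Print what is actually in the file, then the two checks.
report() {  # args: cert key
    openssl x509 -in "$1" -noout -subject -startdate -enddate
    valid_for_days "$1" 30 && echo "expiry: ok (more than 30 days left)" \
                           || echo "expiry: WARNING (30 days or less left)"
    key_matches_cert "$1" "$2" && echo "key:    matches certificate" \
                               || echo "key:    DOES NOT match certificate"
}

# Constructed demo run in a scratch directory.
scratch=$(mktemp -d)
issue_selfsigned "$scratch/localhost.crt" "$scratch/localhost.key" server11.example.com 365
report "$scratch/localhost.crt" "$scratch/localhost.key"
```

Calling report on the two paths listed in ssl.conf shows the subject and dates stored in the files as they are on disk.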