Maurizio Marini wrote:
HelloI have this very old installation: 389-ds-1.1.3-5.fc12.noarch 389-ds-console-doc-1.2.0-5.fc12.noarch 389-ds-base-1.2.5-1.fc12.i686 389-ds-console-1.2.0-5.fc12.noarch 389-console-1.1.3-5.fc12.noarch 389-admin-console-1.1.4-2.fc12.noarch 389-dsgw-1.1.4-1.fc12.i686 389-admin-console-doc-1.1.4-2.fc12.noarch 389-adminutil-1.1.8-4.fc12.i686 389-admin-1.1.10-1.fc12.i686 into an old FC12. Now certs under /etc/httpd/alias are expired Certificate: Data: Version: 3 (0x2) Serial Number: 3 (0x3) Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption Issuer: "CN=Certificate Shack,O=example.com,C=US" Validity: Not Before: Mon Mar 01 10:50:54 2010 Not After : Sat Mar 01 10:50:54 2014 Subject: "CN=localhost4.localdomain4,O=example.com,C=US" and I have this error into log: [error] SSL Library Error: -8181 Certificate has expired the it suggests to " Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the prob lem can be resolved." I did, and it works. Now I wonder how can I renew that expired cert. I have googled around but I have not found any simple to re-create the cert. I find this http://directory.fedoraproject.org/wiki/Howto:SSL but it is not so easy to regenerate an expired certificate. Is there something simpler? Can you help me?
It very much depends on where the original certificate came from. Where did it come from originally? Do you have a CA somewhere?
It also depends on whether you want to retain the same private key. rob -- 389 users mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/389-users
