On Nov 26, 2013, at 3:03 PM, Bill Thoen <[email protected]> wrote: > Yesterday and today I received this notice: > > ################# SSL Certificate Warning ################ > > Certificate for hostname 'server.gisnet.com', in file (or by nickname): > /etc/pki/tls/certs/localhost.crt > > The certificate needs to be renewed; this can be done > using the 'genkey' program. > > Browsers will not be able to correctly connect to this > web site using SSL until the certificate is renewed. > > ########################################################## > Generated by certwatch(1) > > > I have no clue what to do about this, so I went to Google and asked the > planetary brain for guidance. I must not have asked the question carefully > enough, because I didn't get much of an answer. I did get a Googlet that told > me that this was from root on my server, and it's telling me replace or renew > the certificate on my server so that won't block people browsing my site. > > Now I'm stuck. I've run out of knowledge. I have only a vague understanding > of certificates and I don't know which kind of cert I need or which renew > command to use. Could someone help me choose the right option to use for > genkey and give that notice what it wants to see?
If this is a self-signed cert, you need to generate a new one. This can be done with the original cert request, or a new one if you don't have the old one. The steps are outlined here: http://www.akadia.com/services/ssh_test_certificate.html If this is not a self-signed cert, then you will need to renew it with the certificate authority that you received the cert from originally, or a new authority. To display the cert details, which should tell you if it's self signed or not, use the following cheat sheet, in the "Display certificate information" section. http://wiki.samat.org/CheatSheet/OpenSSL (e.g. openssl x509 -in /etc/pki/tls/certs/localhost.crt -noout -text) I'm not an expert by any stretch of the imagination. If there are errors in my steps, others please feel free to correct me. Russell Johnson [email protected] _______________________________________________ PLUG mailing list [email protected] http://lists.pdxlinux.org/mailman/listinfo/plug
