On 02/05/2018 01:01 PM, Eyal Lebedinsky wrote:
As of a month ago I started getting warnings from certwatch saying
     The certificate for Certificate Shack has expired
     The certificate for Frank Alpha has expired
which have now expired a week ago.

I wanted to find out who these hosts are and should I care about the expired certs.

So far I found these two (and no others) mentioned in the file
     -rw-r----- 1 root apache 65536 Jan 26  2014 /etc/httpd/alias/cert8.db
which is an old file which seems to be part of the mod_nss package.

Are these real certs? Test ones left there for no reason?

If they are not needed then what is the correct way to remove them, short of
removing the nss_mod module.

I expect they are sample certs, but I don't know why they are included. I don't see those on my server, but my database is much older.

To remove them, go to the /etc/httpd/alias directory. Run "certutil -L -d ." to make sure of the names. Then you can run "certutil -D -d . -n 'Frank Alpha'" for example to remove them from the database.
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org

Reply via email to