Page 1 of 1

self-signed certificate expired

Posted: 20 Mar 2017 11:29
by dwmp
Hello,

we are using the self-signed certificate (EFA 3.0.1.8) and today I got the error in a browser that the certificate expired (validity was one year).
How can I renew it?

Thanks!
BR
dwmp

Re: self-signed certificate expired

Posted: 20 Mar 2017 14:20
by Woger
I would use a letsencrypt certificate. Check here: viewtopic.php?f=15&t=2204

official but free certificate and won't expire with the cron.

Re: self-signed certificate expired

Posted: 21 Mar 2017 09:10
by dwmp
Hello,

thanks for the answer. But self-signed certificates are sufficient for us, so how can I prolong it?
Thanks.

BR
dwmp

Re: self-signed certificate expired

Posted: 24 Mar 2017 06:56
by dwmp
Has someone an idea?
Thanks!

Re: self-signed certificate expired

Posted: 24 Mar 2017 12:15
by stusmith
https://www.digitalocean.com/community/ ... s-and-csrs

and

http://stackoverflow.com/questions/1017 ... th-openssl

I believe that the file that you need to edit is /etc/httpd/conf.d/ssl.conf

Code: Select all

    100 #   Server Certificate:
    101 # Point SSLCertificateFile at a PEM encoded certificate.  If
    102 # the certificate is encrypted, then you will be prompted for a
    103 # pass phrase.  Note that a kill -HUP will prompt again.  A new
    104 # certificate can be generated using the genkey(1) command.
    105 SSLCertificateFile /etc/pki/tls/certs/my.pem
    106
    107 #   Server Private Key:
    108 #   If the key is not combined with the certificate, use this
    109 #   directive to point at the key file.  Keep in mind that if
    110 #   you've both a RSA and a DSA private key you can configure
    111 #   both in parallel (to also allow the use of DSA ciphers, etc.)
    112 SSLCertificateKeyFile /etc/pki/tls/private/my.key
    113
    114 #   Server Certificate Chain:
    115 #   Point SSLCertificateChainFile at a file containing the
    116 #   concatenation of PEM encoded CA certificates which form the
    117 #   certificate chain for the server certificate. Alternatively
    118 #   the referenced file can be the same as SSLCertificateFile
    119 #   when the CA certificates are directly appended to the server
    120 #   certificate for convinience.
    121 #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
    122
    123 #   Certificate Authority (CA):
    124 #   Set the CA certificate verification path where to find CA
    125 #   certificates for client authentication or alternatively one
    126 #   huge file containing all of them (file must be PEM encoded)
    127 #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
You should be able to copy the files that you make using the instructions in the link to the paths listed in your file and restart apache.

Re: self-signed certificate expired

Posted: 05 Apr 2017 11:17
by dwmp
Thanks, worked!