
Server certificate renewal

An email arrived for root warning that the server's SSL certificate is about to expire.

   ################# SSL Certificate Warning ################

   Certificate for hostname '***.***.***', in file (or by nickname):
   /etc/pki/tls/certs/localhost.crt

   The certificate needs to be renewed; this can be done
   using the 'genkey' program.

   Browsers will not be able to correctly connect to this
   web site using SSL until the certificate is renewed.

   ##########################################################
Generated by certwatch(1)


The steps to renew the certificate are as follows.

Create the server private key

# cd /etc/pki/tls/certs
# openssl genrsa -out server.key -des3 2048
Generating RSA private key, 2048 bit long modulus
............................................+++
...................+++
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
#


Remove the passphrase

# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key
#


Create the server certificate signing request (CSR)

# openssl req -new -key server.key -days 3650 -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:***.***.***
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
#


Create the server certificate

# mkdir old
# cp -i localhost.crt old/localhost.crt.20130430
# openssl x509 -in server.csr -out localhost.crt -req -signkey server.key -days 3650
Signature ok
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=***.***.***
Getting Private key
# chmod 644 localhost.crt server.csr
# chmod 600 server.key
# mkdir /etc/pki/tls/private/old
# cp -i /etc/pki/tls/private/localhost.key /etc/pki/tls/private/old/localhost.org
# mv -i server.key /etc/pki/tls/private/localhost.key
#


Apply the change to httpd


# service httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
#
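
The script below is an added example, not part of the original post: it checks the renewed pair before httpd is restarted (the key matches the certificate, the key no longer needs a passphrase, the key is not readable by group/other, and the certificate is not close to expiry). The function names, exit codes and the name host.example are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks to run on the
# renewed certificate and key before "service httpd restart".

# check_pair CERT KEY [MIN_DAYS]
# Returns 0 if all checks pass, otherwise:
#   1 = certificate unreadable, 2 = key unreadable or still passphrase-protected,
#   3 = certificate and key do not match, 4 = key readable by group/other,
#   5 = certificate expires within MIN_DAYS (default 30).
check_pair() {
    cert=$1 key=$2 min_days=${3:-30}
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$cert_pub" ] || return 1
    # An empty -passin makes an encrypted key fail instead of prompting.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$key_pub" ] || return 2
    # Both commands print the same PEM public key when the pair belongs together.
    [ "$cert_pub" = "$key_pub" ] || return 3
    # Columns 5-10 of "ls -l" are the group and other permission bits.
    [ "$(ls -lnL "$key" | cut -c5-10)" = "------" ] || return 4
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null || return 5
    return 0
}

# make_demo_pair DIR: constructed sample input, a throwaway self-signed pair
# (host.example is a placeholder name).
make_demo_pair() {
    openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/server.key" -subj "/CN=host.example" \
        -days 3650 -out "$1/localhost.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

# With two arguments, check real files; with none, run on the constructed pair.
if [ $# -ge 2 ]; then
    check_pair "$@"; echo "check_pair exit code: $?"
else
    demo=$(mktemp -d) && make_demo_pair "$demo" &&
    { check_pair "$demo/localhost.crt" "$demo/server.key"; echo "demo exit code: $?"; }
    rm -rf "$demo"
fi
```

For the files in this post it would be called with /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key as the two arguments.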

