Server Cert. out of date

L

luppie

Verified User
Joined
Jul 28, 2005
Messages
41
I've installed my server more then a year ago and now if i'm browsing a SSL page it's telling me that the installed Certificate is out of date.

I know that it's no issue (cause it is'nt issued by a trusted root) but my customers that are using it are compaining that it's outdated.

How can i update this certificate that it;s valid for an other year again.
 
You will need to renew the certificate or have it reissued (depending on the company who issued the cert.) as there is no way that you can change the expiration date yourself.
 
Like i said, it's not an certificate that is issued by a trusted root CA, but it is a self generated certificate that was generated during the installation of DA. I would like to generate a new certificate but dont know how.
 
You need to regenerate the certificate, there is no other way. Do a search for openssl and apache, and there are tons of places that explain exactly how to do it. Only this time, choose something longer than 1 year, so you won't have to do this again soon.
 
temporarily set up a domain the same as the servername, and use the DA control panel to get the cert ordered and installed.

Then once you've got the files, put the cert into this file: /usr/local/directadmin/conf/cacert.pem
chmod 644, root:root.

And the key into this file: /usr/local/directadmin/conf/cakey.pem
chmod 400, diradmin:diradmin

If you want the cert to also work for squirrelmail, then also install it here:

Put the cert into:
/etc/httpd/conf/ssl.crt/server.crt
chmod 400 root:root


and the key into:
/etc/httpd/conf/ssl.key/server.key
chmod 400 root:root

Now I've given away all my secrets :) .

If you don't want to do it yourself, see my commercial product offering here.

Jeff
 
temporarily set up a domain the same as the servername, and use the DA control panel to get the cert ordered and installed.
Click to expand...

How can you do this in my vs of DA I am told that you cannot use the same domain name as the server/host name.

I cant do your suggestion from HERE either because I am told you have to own the ip address to use that feature and you say to use the systems main IP which of course cannot be owned by the new user you have just created.
 
It doesn't matter what IP you use when you create the cert.

You can temporarily set up a domain the same name as the hostname for the few minutes it takes to get the CSR and the private key, and then delete it.

Jeff
 
I think I tried that and it told me I couldnt use the server host name.
 
You must log in or register to reply here.
Back
Top