I had set up my self signed certificates to get SSL for my (Centos 7) viking server.
After one year they did expire and now they had to be renewed and I will never remember howto do it so that is why I write it down here:
Step 1:
Find your certificates:
Code: Select all
grep SSLCertificate /etc/httpd/conf.d/ssl.conf
This will come up with something like this:
Code: Select all
# Point SSLCertificateFile at a PEM encoded certificate. If
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
# Point SSLCertificateChainFile at a file containing the
# the referenced file can be the same as SSLCertificateFile
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
Here we are interested in the SSLCertificateFile and SSLCertificateKeyFile directives (ca.crt and ca.key in this case).
Step 2
Check the permissions of the files:
Code: Select all
ls -lh /etc/pki/tls/certs/ca.crt
Code: Select all
ls -lh /etc/pki/tls/private/ca.key
They are owned by root and can only be read and written to by root (permission 600). Your new files will need the same permissions when you’re done.
Step 3
Create the New Self-Signed Certificate and Key Files - as root:
Code: Select all
openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /etc/pki/tls/certs/ca.crt -keyout /etc/pki/tls/private/ca.key
If you want your certificate to last longer than one year this would be the place to do it....
Step 4
Restart your server:
Code: Select all
sudo systemctl restart httpd
It's as easy as that