Maurizio Marini wrote:
Hello
I have this very old installation:
389-ds-1.1.3-5.fc12.noarch
389-ds-console-doc-1.2.0-5.fc12.noarch
389-ds-base-1.2.5-1.fc12.i686
389-ds-console-1.2.0-5.fc12.noarch
389-console-1.1.3-5.fc12.noarch
389-admin-console-1.1.4-2.fc12.noarch
389-dsgw-1.1.4-1.fc12.i686
389-admin-console-doc-1.1.4-2.fc12.noarch
389-adminutil-1.1.8-4.fc12.i686
389-admin-1.1.10-1.fc12.i686
into an old FC12.
Now certs under /etc/httpd/alias
are expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Mon Mar 01 10:50:54 2010
Not After : Sat Mar 01 10:50:54 2014
Subject: "CN=localhost4.localdomain4,O=example.com,C=US"
and I have this error into log:
[error] SSL Library Error: -8181 Certificate has expired
the it suggests to
" Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the
prob lem can be resolved."
I did, and it works.
Now I wonder how can I renew that expired cert.
I have googled around but I have not found any simple to re-create the cert.
I find this
http://directory.fedoraproject.org/wiki/Howto:SSL
but it is not so easy to regenerate an expired certificate.
Is there something simpler?
Can you help me?
It very much depends on where the original certificate came from. Where
did it come from originally? Do you have a CA somewhere?
It also depends on whether you want to retain the same private key.
rob
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
