Extending Certificate Life
Novell Cool Solutions: Tip
By Veli-Matti Luotonen
Digg This -
Posted: 26 Oct 2005
A reader asked about the following problem:
"I noticed that after one year of functioning properly, eGuide started to give certificate errors to users: 'The security certificate has expired or is not yet valid'. I also noticed that in C:\Program Files\Novell\Apache\conf\ssl directory (Windows platform) there are files such as server.crt and server.der.crt and server.key. Those crt files are expired, as they were made effective on the install date and should last for one year.
How can I replace these certificates with new ones, without reinstalling eGuide and iManager?"
And here's a helpful tip from V.M. Luotonen ...
This tip is based on the Apache/SSL article at:
1. In the C:\Program files\Novell\Apache\Bin directory, find the openssl.exe application.
2. Make a certificate request as follows:
OpenSSL> req -config openssl.cnf -new -out server.csr
For the Common Name, use the name of your web server - either with the IP address or DNS name - whatever method your users use to connect.
3. Remove passhrase from private key as follows:
OpenSSL> rsa -in privkey.pem -out server.key
4. Create a self-signed certificate:
OpenSSL> x509 -in my-server.csr -out server.crt -req -signkey server.key -days 3650
Using the example above, now your certificate is valid for 10 years!
5. Copy the server.key and server.crt files to C:\Program files\Novell\Apache\conf\ssl
6. Restart Apache.
Your users will no longer get the "Certificate has expired or is not yet valid" messages.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com