I had to update a self-signed SSL certificate for Apache today on an Ubuntu 12.04 server, as the old certificate had expired. I found a recipe for Debian which explained the process in a way that I was able to adapt to Ubuntu. Here is the complete process to renew your cert for another 365 days:
Change directories to the certificate location:
cd /etc/apache2/ssl
Generate a new key:
sudo openssl genrsa -out example.com.key 1024
Generate a certificate signing request:
sudo openssl req -new -key example.com.key -out example.com.csr
Generate a new certificate, by signing the CSR with the key:
sudo openssl x509 -req -days 365 -in example.com.csr \
-signkey example.com.key -out example.com.crt
Move the old key and certificate away, and copy the new key and certificate in:
sudo mv apache.key apache.key.old sudo cp example.com.key apache.key sudo mv apache.crt apache.crt.old sudo cp example.com.crt apache.crt
Restart the webserver:
sudo service apache2 restart
Now, load your website via SSL. You should be prompted to accept the untrusted certificate (not expired). Add the permanent exception, and you're good to go for another 365 days.
No comments:
Post a Comment
Comments welcome!