[389-users] help with cert expired
Maurizio Marini
maumar at cost.it
Tue Mar 11 11:30:53 UTC 2014
Hello
I have this very old installation:
389-ds-1.1.3-5.fc12.noarch
389-ds-console-doc-1.2.0-5.fc12.noarch
389-ds-base-1.2.5-1.fc12.i686
389-ds-console-1.2.0-5.fc12.noarch
389-console-1.1.3-5.fc12.noarch
389-admin-console-1.1.4-2.fc12.noarch
389-dsgw-1.1.4-1.fc12.i686
389-admin-console-doc-1.1.4-2.fc12.noarch
389-adminutil-1.1.8-4.fc12.i686
389-admin-1.1.10-1.fc12.i686
into an old FC12.
Now certs under /etc/httpd/alias
are expired
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Mon Mar 01 10:50:54 2010
Not After : Sat Mar 01 10:50:54 2014
Subject: "CN=localhost4.localdomain4,O=example.com,C=US"
and I have this error into log:
[error] SSL Library Error: -8181 Certificate has expired
the it suggests to
" Add "NSSEnforceValidCerts off" to nss.conf so the server can start until the
prob lem can be resolved."
I did, and it works.
Now I wonder how can I renew that expired cert.
I have googled around but I have not found any simple to re-create the cert.
I find this
http://directory.fedoraproject.org/wiki/Howto:SSL
but it is not so easy to regenerate an expired certificate.
Is there something simpler?
Can you help me?
My best rgards
Maurizio
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5785 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20140311/aac23e73/attachment.p7s>
More information about the 389-users
mailing list