[196] in Project_DB
certificates renewal
daemon@ATHENA.MIT.EDU (Michal N Lusztig)
Wed Aug 20 15:43:00 1997
To: project-db@MIT.EDU
Date: Wed, 20 Aug 1997 15:42:41 EDT
From: Michal N Lusztig <miki@MIT.EDU>
The server certificates installed on the PDB web servers (ops-5 and arachne)
have an expiration date. Last week the web server on arachne stoped functioning
because the certificate expired. I was out of town so Bruce Lewis had to figure
out how to get a new certificate. To make it easier for next time, I added a
file called README.server-certificate on /var/ssl on arachne and ops-5. The
readme file :
- writes in plain English what is the date when the certificate
installed expires
- details the procedure for getting a new certificate
Attached is the README.server-certificate from arachne, our main PDB server
-------------------------------------------------------------------------------
-----------------------------------------------------------------------------
To get a certtificate for an apache-ssl server (or to renew it) for servername:
------------------------------------------------------------------------------
generate rsa key
-----------------
cd /var/ssl/bin
ps >/tmp/foo
ps -elf >>/tmp/foo
(generate some random stuff)
cd /var/ssl/bin
genrsa - rand /tmp/foo -out /var/ssl/private/https-key.pem 1024
generate request for certificate
---------------------------------
cd /var/ssl/bin
req -key /var/ssl/private/https-key.pem -new >/tmp/req.pem
at questions answer
YOUR name = name of the server(servrename)
email address =
challenge passwd (anything you choose)
cut from req.pem the part from BEGIN to END
send it to jis@mit.edu
you get a certificate (between BEGIN and END)
save it under /var/ssl/certs/servername.pem
-----------------------------------------------
to look at servername.pem certificate
/var/ssl/bin/x509 -in /var/ssl/certs/servername.pem -text
to look at key
/var/ssl/bin/rsa -in /var/ssl/private/https-key.pem -text
arachne certificate expires on February 11 1998
