Visit Our UNIX and Linux User Community


Self signed ca-bundle.crt expired


 
Thread Tools Search this Thread
Homework and Emergencies Emergency UNIX and Linux Support Self signed ca-bundle.crt expired
# 1  
Old 08-04-2014
Self signed ca-bundle.crt expired

Hi,

I have an issue with openssl. Basically I have a ca certificate which has expired and I have regenerated a new ca.cert from the ca.key file and I have concatenated the output of the new ca.crt file and ca-bundle.crt to a new ca-bundle.crt.

Have restarted apache, however I still get the message

Error 10 : certificate has expired.

Following are my config details

Code:
OS : Mandrake Linux release 9.1 (Bamboo) for i586 
Apache : apache2-2.0.47-1.9.91mdk
Openssl : openssl-0.9.7a-1.3.91mdk

My updated ca.cert file has the following validity

Code:
[root@Server1 root]# openssl x509 -in /etc/ssl/ca/ca.crt -noout -text | grep -A2 -i valid
        Validity
            Not Before: Apr 28 09:23:45 2014 GMT
            Not After : Apr 25 09:23:45 2025 GMT

And the ca-bundle has the following validity

Code:
[root@Server1 root]# openssl x509 -in /etc/ssl/ca/ca-bundle.crt -noout -text | grep -A2 -i valid
        Validity
            Not Before: Aug  6 08:19:21 2003 GMT
            Not After : Aug  3 08:19:21 2014 GMT

When I verify a certificate which was signed by the CA ( prior to expiry ) I get the following error

Code:
[root@Server1 root]# openssl verify -CAfile /etc/ssl/ca/ca-bundle.crt -verbose /etc/ssl/apache/downweb1.crt
/etc/ssl/apache/downweb1.crt: /C=XX/ST=YYYY/L=abc/O=ACME International/OU=Sales/CN=SALES CA/emailAddress=bogus@sales.in
error 10 at 1 depth lookup:certificate has expired
OK

Any idea how to renew an expired CA bundle.

Thanks in advance
This User Gave Thanks to maverick_here For This Post:
# 2  
Old 08-05-2014
I would not cat the new certificate onto the end of the old certificate. I would rename the old certificate to a save file. Then I would just move the new certificate in place.
This User Gave Thanks to Perderabo For This Post:

Previous Thread | Next Thread
Test Your Knowledge in Computers #443
Difficulty: Easy
FHM, a men's lifestyle magazine, asked 1,344 women if they preferred to hang out with a computer science expert or a footballer, and 1,023 (76.116%) stated they preferred geeks over athletes.
True or False?

10 More Discussions You Might Find Interesting

1. OS X (Apple)

Unsigned to signed, error?...

Hi guys... Macbook Pro, 13", circa August 2012, OSX 10.7.5, default bash terminal. I require the capability to convert +32767 to -32768 into signed hex words... The example piece code below works perfectly except... #/bin/bash # sign.sh # Unsign to sign... while true do # I have used... (2 Replies)
Discussion started by: wisecracker
2 Replies

2. Shell Programming and Scripting

How to extract certs from apache ca-bundle.crt file?

Apache web server reads Certificate Authority(CA) certs from ../cert/ca-bundle.crt file for SSL authentication. It has all certs in PEM format and no way to know exactly what they are. I want to get each cert seperated by boundary strings into a file and feed it to "keytool" command to see what... (7 Replies)
Discussion started by: kchinnam
7 Replies

3. Programming

Signed and unsigned intergers

when a date type is considered signed and unsigned is that simple referring to - for signed and positive numbers for unsigned? Further if that is the case would mutiplying and dividing ect where 2 signed numbers, like (-2)*(-2) = 4 result in a unsigned. (3 Replies)
Discussion started by: Fingerz
3 Replies

4. Programming

[ASM] Adding SIGNED numbers?

Hi guys, I want to add a list of SIGNED numbers... but I don't know how to tell the computer to ADD THEM as signed, let me explain further: when adding 200 + (-100) , it becomes 100, but in asm the computer always add them as unsigned, so I always get the 300. Do I have to add them in a... (4 Replies)
Discussion started by: lamachejo
4 Replies

5. UNIX for Advanced & Expert Users

"Signed Linux" - Only executing signed programs

Hey folks, not sure whether this or the security board is the right forum. If I failed, please move :) So here's the problem: I need to build a Linux environment in which only "signed" processes are allowed to run. When I say signed I don't mean a VeriSign signature like you know it from... (5 Replies)
Discussion started by: disaster
5 Replies

6. Solaris

Blank screen on crt

Hello I'm new in sun and i have a liitle problem. I buy sun enterprise 420r and connect keyboard and monitor crt (non Sun). But when i start server i have blank screen on crt. I'm new in sun servers and i dont know why its doin this. (11 Replies)
Discussion started by: elmik
11 Replies

7. UNIX for Dummies Questions & Answers

So, like, I signed on with a new hosting company...

... and there was absolutely nothing installed except fedora and ssh. I used yum to install vsftp and httpd, both start and ps shows they're running, and yet I can't connect with either of them. Where on earth or in redhat do I begin looking to unravel this one? I've overseen a server before but... (3 Replies)
Discussion started by: Bobby
3 Replies

8. Shell Programming and Scripting

please can any one help me bundle several files into one

#!/bin/sh #call function from loop filevalidate() { case $# in 0) echo "usage enshar file1 file2 ... > outputfile ! " >/deb/sterr ;; *) for filename do if ; then echo "invalid pathname > try bin " $filename >/dev/stderr exit 1 fi if ; then echo "is a directory!"... (5 Replies)
Discussion started by: swissnez
5 Replies

9. UNIX for Dummies Questions & Answers

Cannot backspace on my session in CRT

Hi, when I make a mistake and then try to backspace I am unable to do so . Can someone please suggest How I can correct this on my session For Eg: pwd^H^H^H Thanks rooh (2 Replies)
Discussion started by: rooh
2 Replies

10. UNIX Desktop Questions & Answers

change CRT resolution

Hello I want change my CRT resolution from 1152x900x** to 1280x1024x75 on a Solaris platform but I try "/usr/sbin/m64config" and "/usr/sbin/ffbconfig" command, the both commands failed :-( In the /dev/fbs/ directory there is juste one file : cgsix0 have you got a solution to my customer... (1 Reply)
Discussion started by: ggenevrier
1 Replies

Featured Tech Videos