Discussion:
[BlueOnyx:13219] Server certificate is expired: 'Server-Cert'
Colin Jack
2013-06-13 17:50:04 UTC
Can anybody point me in the right direction please.

One of my servers had Apache die and wouldn't restart.
After a bit of digging I found that the error log showed:

[Thu Jun 13 18:41:19 2013] [error] Server certificate is expired: 'Server-Cert'

And further investigation showed:

[***@server1 conf.d]# certutil -d /etc/httpd/alias -L -n Server-Cert
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=Certificate Shack,O=example.com,C=US"
Validity:
Not Before: Thu Jun 11 02:34:49 2009
Not After : Tue Jun 11 02:34:49 2013
Subject: "CN=aventurin.smd.net,O=example.com,C=US"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:

I have a self-signed cert on the server/vps which doesn't expire until 2023 so not sure how to go about fixing this.
Obviously a different cert but how do I renew it?

I have disabled SSL in the meantime to get the server up and running but I need to restore it to full functionality.

Thanks

Colin
Dogsbody
2013-06-14 22:31:15 UTC
Post by Colin Jack
One of my servers had Apache die and wouldn't restart.
[Thu Jun 13 18:41:19 2013] [error] Server certificate is expired: 'Server-Cert'
What machine is this on? It doesn't look like a 5108R!?

Dan
Colin Jack
2013-06-17 14:16:45 UTC
5106R VPS on Aventurin{e}

Regards

Colin
-----Original Message-----
Sent: 14 June 2013 23:31
Subject: [BlueOnyx:13224] Re: Server certificate is expired: 'Server-Cert'
Post by Colin Jack
One of my servers had Apache die and wouldn't restart.
[Thu Jun 13 18:41:19 2013] [error] Server certificate is expired: 'Server-Cert'
What machine is this on? It doesn't look like a 5108R!?
Dan
Michael Stauber
2013-06-17 18:36:06 UTC
Hi Colin,
Post by Colin Jack
Can anybody point me in the right direction please.
One of my servers had Apache die and wouldn't restart.
[Thu Jun 13 18:41:19 2013] [error] Server certificate is expired: 'Server-Cert'
In /etc/httpd/conf.d/nss.conf add the following line:

NSSEnforceValidCerts off

Then restart Apache and you're good again.

When SSL is enabled, a self signed certificate is generated for Apache.
This cert eventually expires, although it's not really used for
anything, as the SSL sites have their own SSL certificates.

Still, Apache will complain if a cert is expired and then refuses to
start. The above option in nss.conf will allow Apache to start even
though a cert is expired.
--
With best regards

Michael Stauber
Colin Jack
2013-06-17 20:42:03 UTC
Thanks Michael,
Post by Michael Stauber
Post by Colin Jack
[Thu Jun 13 18:41:19 2013] [error] Server certificate is expired: 'Server-Cert'
NSSEnforceValidCerts off
Then restart Apache and you're good again.
When SSL is enabled, a self signed certificate is generated for Apache.
This cert eventually expires, although it's not really used for
anything, as the SSL sites have their own SSL certificates.
Still, Apache will complain if a cert is expired and then refuses to
start. The above option in nss.conf will allow Apache to start even
though a cert is expired.
Yup - did that already to get it running again. Just wondered how I could get it back with a new valid self cert certificate?
So I can ignore it? If so, I will do that on all my servers to avoid potential future hassle.

Regards

Colin
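
An added example, not part of the thread: with NSSEnforceValidCerts off, Apache starts even with an expired certificate, so the expiry is easy to miss. This check parses the Not Before / Not After fields of the certutil output shown in the first post and classifies the certificate. The function names, the 30-day warning window, the `--live` switch and treating the timestamps as UTC are assumptions of this example.

```python
import re
import subprocess
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample: the validity fields from the certutil output quoted in the thread.
SAMPLE = """\
Validity:
Not Before: Thu Jun 11 02:34:49 2009
Not After : Tue Jun 11 02:34:49 2013
"""

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()
FIELD = re.compile(r"^\s*Not (Before|After)\s*:\s*(\w{3} \w{3} +\d+ [\d:]+ \d{4})\s*$", re.M)

def parse_time(text):
    """Parse 'Tue Jun 11 02:34:49 2013' locale-independently (assumed to be UTC)."""
    _dow, mon, day, clock, year = text.split()
    hh, mm, ss = (int(p) for p in clock.split(":"))
    return datetime(int(year), MONTHS.index(mon) + 1, int(day), hh, mm, ss)

def validity(output):
    """Return (not_before, not_after) from `certutil -L -n <nick>` text."""
    found = {kind: parse_time(value) for kind, value in FIELD.findall(output)}
    if set(found) != {"Before", "After"}:
        raise ValueError("validity fields not found in certutil output")
    return found["Before"], found["After"]

def status(output, now, warn_days=30):
    """Classify a certificate as not-yet-valid, expired, expiring or ok."""
    not_before, not_after = validity(output)
    if now < not_before:
        return "not-yet-valid"
    if now >= not_after:
        return "expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring"
    return "ok"

def read_cert(db="/etc/httpd/alias", nick="Server-Cert"):
    """Run the same certutil command as in the first post."""
    cmd = ["certutil", "-d", db, "-L", "-n", nick]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    text = read_cert() if "--live" in sys.argv else SAMPLE
    result = status(text, datetime.now(timezone.utc).replace(tzinfo=None))
    print(result)
    sys.exit(0 if result == "ok" else 1)
```

Run from cron with `--live`, the non-zero exit status on anything other than "ok" can drive an alert before the certificate lapses.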
