I want to expire this cert today. What is the right command?
So I can delete this cert after.
SSL / HTTPS, Linux, Linux Security
Last Comment
Dave Howe
8/22/2022 - Mon
Dave Howe
You can't. The cert was issued with those dates; if you issue a new cert with the new dates, it will have no effect on the prior cert.
If you wish to *revoke* a cert, that's a different function; however, a CA cert can't be revoked (as it isn't signed by anything higher to revoke it with).
linuxperson
ASKER
I changed the hostname on the server and IP address.
What do I need to do with the CA cert, since this information is different from the time the CA cert was created?
Dave Howe
OK. So what you need to issue is a new end node cert, not a new CA cert. The way it works is that the CA is a self-signed cert that never changes, and the server cert (if I recall, literally called servercert.pem) can be updated to reflect the new name and IP. Take a look at the YaST screens at https://www.suse.com/documentation/sles11/book_security/data/sec_security_yast_ca_module.html and, in particular, section 17.2.4 (creating or revoking user certificates) - this can be used to issue a new user (server) certificate for your webserver, LDAP, etc.
linuxperson
ASKER
I installed SUSE 11 SP3 and converted it to a template. From the template I created a new VM called ldap01.example.com; the template had the CA and server cert. Now, for the new VM ldap01.example.com, can I use the existing CA cert and create a new server cert?
I was under the impression I have to recreate both the CA and server cert for this VM.
Dave Howe
No. You keep the CA cert (which won't run out for a decade or so :D) and issue new server certs. In fact, you can use ONE CA to issue all the server certs on your network; that way you only need to import the CA into browsers and stuff once, instead of importing multiple CAs.
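What the answer above describes (keep the CA, issue a new server certificate for the renamed host), sketched with the openssl command line instead of the YaST CA module; this is an added example, not part of the thread. The throwaway CA, the file names and the address 192.0.2.10 are constructed assumptions; on a real system the CA certificate and key passed in would be the existing ones.

```shell
#!/bin/sh
# Added example (not from the thread). Demo CA, file names and IP are constructed.

# make_demo_ca DIR: throwaway self-signed CA standing in for the existing one.
make_demo_ca() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        'x509_extensions=v3_ca' '[dn]' 'CN=Demo CA (constructed)' '[v3_ca]' \
        'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$1/ca.cnf"
    openssl req -x509 -config "$1/ca.cnf" -newkey rsa:2048 -nodes -days 3650 \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_server_cert CA_CERT CA_KEY HOSTNAME IP OUTDIR
# New key and CSR for the renamed host, signed by the unchanged CA.
issue_server_cert() {
    ca_cert=$1; ca_key=$2; host=$3; ip=$4; out=$5
    cat > "$out/server.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
[dn]
CN = $host
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host, IP:$ip
EOF
    ( umask 077   # the private key must not be readable by other users
      openssl req -new -config "$out/server.cnf" -newkey rsa:2048 -nodes \
          -keyout "$out/server.key" -out "$out/server.csr" 2>/dev/null ) || return 1
    openssl x509 -req -in "$out/server.csr" -CA "$ca_cert" -CAkey "$ca_key" \
        -CAserial "$out/ca.srl" -CAcreateserial -days 365 -sha256 \
        -extfile "$out/server.cnf" -extensions v3_server \
        -out "$out/server.crt" 2>/dev/null
}

# check_server_cert CA_CERT SERVER_CERT HOSTNAME IP
# Succeeds only if the cert chains to the CA and covers both name and address.
check_server_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" -verify_ip "$4" "$2" >/dev/null 2>&1
}

# Demo run on constructed data.
demo=$(mktemp -d)
make_demo_ca "$demo" &&
issue_server_cert "$demo/ca.crt" "$demo/ca.key" ldap01.example.com 192.0.2.10 "$demo" &&
check_server_cert "$demo/ca.crt" "$demo/server.crt" ldap01.example.com 192.0.2.10 &&
echo "new server cert for ldap01.example.com verifies against the existing CA"
rm -rf "$demo"
```

Clients that already trust the CA accept the new certificate without any change; only `server.key` and `server.crt` are replaced on the renamed host.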
linuxperson
ASKER
If I am right, I keep the same CA but create a new server cert.
When I export, I should be exporting the server cert, right?