Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
SSL question
nis02:/etc/ssl/certs # openssl x509 -noout -in YaST-CA.pem -dates
notBefore=Jun 19 03:42:53 2015 GMT
notAfter=Jun 16 03:42:53 2025 GMT
I want to expire this cert today. What is the right command?
so i can delete this cert after.
notBefore=Jun 19 03:42:53 2015 GMT
notAfter=Jun 16 03:42:53 2025 GMT
I want to expire this cert today. What is the right command?
so i can delete this cert after.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
you can't. the cert was issued with those dates, if you issue a new cert with the new dates, it will have no effect on the prior cert.
if you wish to *revoke* a cert, that's a different function; however, a CA cert can't be revoked (as it isn't signed by anything higher to revoke it with)
if you wish to *revoke* a cert, that's a different function; however, a CA cert can't be revoked (as it isn't signed by anything higher to revoke it with)
I changed the hostname on the server and IP address.
what i need to do with the CA cert since these information are different from the time the CA cert was created.
what i need to do with the CA cert since these information are different from the time the CA cert was created.
ok. so what you need to issue is a new end node cert, not a new CA cert. the way it works is that the CA is a self-signed cert that never changes, and the server cert (if I recall, literally called servercert.pem) can be updated to reflect the new name and IP. take a look at the yast screens at https://www.suse.com/documentation/sles11/book_security/data/sec_security_yast_ca_module.html and in particular, the section 17.2.4 (creating or revoking user certificates) - this can be used to issue a new user (server) certificate for your webserver, ldap etc.
I installed SUSE 11 SP3 and converted to template. from the template i created a new VM called ldap01.example.com, template had CA and Server cert. now for new VM ldap01.example.com, can i use existing CA cert and create new server cert?
I was under impression I have recreate both CA and Server cert for this VM.
I was under impression I have recreate both CA and Server cert for this VM.
no. you keep the CA cert (which won't run out for a decade or so :D) and issue new server certs. In fact, you can use ONE CA to issue all the server certs on your network, that way you only need to import the CA into browsers and stuff once, instead of importing multiple CAs.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial