• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

securitywing

Menu
  • About
  • Must Read
      • IIS Performance Boost
      • RFID Security
      • Web App Security Testing
      • How to Secure Home Network
      • Prevent Cross-Site Scripting Attacks
      • Renew Self-Signed Certificates
      • Penetration Testing Tools
      • VPN Concentrator
      • Forensic Investigation Tools
      • Digital Certificates
      • Cloud Security Issues
      • Advanced Evasion Prevention
      • Firewall Types
      • Tips to Prevent Data Exfiltration
      • Classified Info Handling
      • MySQL Security
      • Definition of 7 Types of Malware
      • VOIP Security
      • Why Antivirus Software Fails
      • 15 Network Security Vulnerabilities
      • Web App Security
      • IT Security Standards
      • Types of Virtualization
      • Android Security
      • Digital Signature
      • Advanced Malware Protection
    • Close
  • Consultancy
  • Contact

How to Renew Self-Signed SSL Certificate with OpenSSL Tool in Linux

by wing

OpenSSL is a free and open-source SSL solution that anyone can use for personal and commercial purpose. Though it is free, it can expire and you may need to renew it. This post will you how to renew self- signed certificate with OpenSSL tool in Linux server.

What do I need to know to renew my OpenSSL cert?                              

You must know the location of your current certificate that has expired and the private key. Since most of the Linux server admin like to put the cert files in the /etc/apache2/ssl directory, you can have a look at there for your existing cert file and the private key.

If you do not know your private key, do not worry because you can create a new one using the following command:

openssl genrsa -out /etc/apache2/ssl/mynew.key 2048

 

To renew the secure socket layer (SSL) cert, you need to follow two steps: create a CSR (certificate signing request) and generate the certificate with your private key. Remember that you must need a private key before creating your CSR.

Scenario: for example, you have a certificate called apache.crt which has been expired and you want to renew it for the next 365 days.

The complete procedures you need to follow:

  1. Create a certificate signing request with the following command:

openssl req -new -key /etc/apache2/ssl/mykey.key -out /etc/apache2/ssl/new.csr

  1. Check your certificate signing request information using the following commnd:

openssl req -in /etc/apache2/ssl/new.csr -noout –text

 

Before creating the new cert just rename the apache.crt file located in  /etc/apache2/ssl so that you do not have to change anything the apache configuration file.

openssl x509 -req -days 365 -in /etc/apache2/ssl/new.csr -signkey /etc/apache2/ssl/mykey.key -out /etc/apache2/ssl/apache.crt

Note: in the above command 365 is the number of days after which your new certificate will expire. The name of key file is mykey.key and the name of certificate file is apache.crt. You need to change the name of bot the key and the CRT file name to match your existing certificate and the key file.

Next, restart apache2 server with the following command:

service apache2 restart

Finally, test the new expiry data of your certificate

openssl x509 -in /etc/apache2/ssl/apache.crt -noout -enddate

Related Posts:

  • How to Setup SSL in AWS application load balancer for WordPress
  • How to install a new Godaddy SSL Wildcard Certificate

Filed Under: Internet Security and Safety Tagged With: openssl, renew, SSL

Primary Sidebar

CISSP Sample Test

Take a CISSP Sample Test

CISA IT governance Sample test



Twitter Follow @securitywing

Categories

  • AWS
  • containers
  • Internet Security and Safety
  • IS Audit
  • IT Security Exams
  • Network Security Tips
  • Off Track
  • Telecom
  • Tutorial

Pages

  • About
  • Best IT Security Certification Exam
  • CISA IT governance Sample test
  • CISA Sample Test
  • CISSP Sample Test Online
  • Consultancy
  • Contact

Popular Posts

  • 8 Effective Ways to Impro...
  • 3 Steps to Install Miniku...
  • Yahoo Mail Security Setti...
  • How to Setup AWS CloudFro...
  • 3 Simple Steps to Capture...
  • How to Configure AAA (TAC...
  • 5 Steps to Setup a Nexus3...
  • How to Install AWS CLI an...
  • How to Configure SNMP in...
  • What is Digital Certifica...

Footer

Copyrights

Protected by Copyscape Duplicate Content Detection Software

Securitywing.com reserves the copyrights of all of its published articles.No contents of this site is permitted to be published to anywhere else in the Internet.If any contents are found in any other websites, securitywing reserves the rights to file a DMCA complaint. But you have the right to use the link of any relevant article of this site to point from your website if you consider that it might improve the quality of your article.

Tags

antivirus audit AWS backup browser check cisco cloud computer cyber data database encryption firewall home hsrp ids informaiton internet intrusion it kubernetes linux load balancing malware network protection putty risk router security security tips server ssh SSL switch tools virus vpn vulnerability web webserver website windows wordpress

Copyright © 2010-2023 ·All Rights Reserved · SecurityWing.com