RE: [SLUG] Security Certifacte

2003-12-03 Thread Jared Pritchard

Ok - it's all working now.  :)
After taking the advice from one of the responses, I stopped all HTTPD and
APACHE apps from running (httpd stop, apachectl stop etc.) then killed all
the corresponding apps... THEN I did a shutdown and restart (cold boot)...
But it STILL showed the old certificate.  :S   But I checked it today,
and the new one is somehow magically installed. 

I don't get it. But it's working. If it ain't broke, don't fix it.

Maybe for future reference someone can tell me why this might have happened?
Perhaps I had to restart the machine I was working on... maybe it's stored
in cache or something here...  h. Dunno.

Thanks for your help anyway.

Regards,
Jared Pritchard.




-- 
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug


Re: [SLUG] Security Certifacte

2003-11-28 Thread Malcolm V
On Fri, 2003-11-28 at 16:11, Jared Pritchard wrote:
> apachectl restart
> httpd restart

Try stopping apache completely, ensure there are no running apache/httpd
processes, then restarting.

Cheers,
Malcolm V.



Re: [SLUG] Security Certifacte

2003-11-28 Thread torquemada
On Fri, 28 Nov 2003, Jared Pritchard wrote:

Hi,

Sounds like maybe you are editing the wrong config files and/or
starting the wrong daemon..

i.e. httpsdctl and httpsd.conf

We generate our own CA and certificates all the time and it
might be that your apache is not reading the same file as you edited...
Without seeing the directory and configuration files in their
entirety it's just guessing, but I hope this helps, cheers

kind regards,
Norman

-- 
Epsilon-6! Ph:+612 8807-4780   Fax: +612 8807-4498
E-Solutions for BSD and Linux   http://www.paladincorp.com.au/
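
The checks suggested in the replies above (is the daemon reading the config file that was edited, and is it serving the certificate that file names) can be scripted. This is an added example, not part of the original thread; the script name `certcheck.sh` and the `www.example.com` host are placeholders, and it assumes a current OpenSSL command line and absolute certificate paths in the config file.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes a current OpenSSL CLI and
# absolute certificate paths in the config file.

# Print the path given to a mod_ssl directive (first uncommented match).
conf_path() {  # $1 = config file, $2 = directive name
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# SHA-256 fingerprint of a certificate file on disk.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the certificate a live server presents.
served_fingerprint() {  # $1 = host, $2 = port
    echo | openssl s_client -connect "$1:$2" -servername "$1" 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if the private key and the certificate share a public key.
key_matches_cert() {  # $1 = key file, $2 = certificate file
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$k" = "$c" ]
}

# Usage: sh certcheck.sh /path/to/httpd.conf www.example.com [port]
if [ $# -ge 2 ]; then
    conf=$1; host=$2; port=${3:-443}
    crt=$(conf_path "$conf" SSLCertificateFile)
    key=$(conf_path "$conf" SSLCertificateKeyFile)
    key_matches_cert "$key" "$crt" || echo "WARNING: $key does not match $crt"
    disk=$(cert_fingerprint "$crt")
    live=$(served_fingerprint "$host" "$port")
    echo "on disk ($crt): $disk"
    echo "served by $host:$port: $live"
    [ "$disk" = "$live" ] || { echo "MISMATCH: the running server did not load $crt"; exit 1; }
fi
```

A mismatch means the process answering on the port was started from a different config file or has not re-read it; `ps` output for the running httpd processes shows which binary is running and any `-f` config file argument it was started with.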


[SLUG] Security Certifacte

2003-11-27 Thread Jared Pritchard
Hello.
Our security certificate is going to expire on the 11-12-03.
I'm new to this business since the original was implemented. Back then, it
was done via Equifax.

The old keys etc. went under the default names of  'server.key'
'server.crt'   and so on

I have generated a new key for the business and named it
'waterexchange.key' to make it a bit easier to identify (our website is
www.waterexchange.com.au)
Then I generated a Certificate Request & sent that off to GeoTrust who then
generated the signed certificate.

Then I installed that certificate under  'waterexchange.crt' -
So far so good.  Using the openssl I can read the certificate and all the
output seems fine. It has all our details such as the common name etc. as it
should be.

Now -

I have edited the httpd.conf file to point to the new files as above, then
restarted apache & httpd using

apachectl restart
httpd restart

...
...
...

In theory, this should set the new certificates in motion ??

But a quick test on the webpage (change http://  to https://) by opening the
certificate info still displays the old stuff.
I thought somehow it might store that info in cache so I tried on other
computers that had never been to the site (at least not the ssl areas) -
tried all sorts of things - nothing. Old cert.

So I tried 

apachectl stop
apachectl start

and the corresponding commands for httpd but still nothing...

Any ideas???
We are running  RedHat / Apache / MOD SSL
I think it's RedHat 7.3 (Had to be for a RADIUS server)
Apache is V 1.3.23-11
openssl is V 0.9.6b-18

Does the original certificate have to run out first???  
If so - how does that work? If we've referenced to the new certs shouldn't
it load those details...
unless there's a central registry or something...? Perhaps at GeoTrust.?

Anyway - I'm lost & any help will be greatly appreciated.  : )
A point in the right direction even?

Regards,
Jared Pritchard
Waterexchange Pty. Ltd.

