Ok - it's all working now. :)
After taking the advice from one of the responses, I stopped all HTTPD and
APACHE apps from running (httpd stop, apachectl stop etc.) then killed all
the corresponding apps... THEN I did a shutdown and restart (cold boot)...
But it STILL showed the old certificate. :S But I checked it today,
and the new one is somehow magically installed.
I don't get it. But it's working. If it ain't broke, don't fix it.
Maybe for future reference someone can tell me why this might have happened?
Perhaps I had to restart the machine I was working on... maybe it's stored
in cache or something here... h. Dunno.
Thanks for your help anyway.
Regards,
Jared Pritchard.
-Original Message-
From: Jared Pritchard [mailto:[EMAIL PROTECTED]
Sent: Friday, 28 November 2003 4:11 PM
To: Slug List
Subject: [SLUG] Security Certifacte
Hello.
Our security certificate is going to expire on the 11-12-03.
I'm new to this business since the original was implemented. Back then, it
was done via Equifax.
The old keys etc. went under the default names of 'server.key'
'server.crt' and so on
I have generated a new key for the business and named it
'waterexchange.key' to make it a bit easier to identify (our website is
www.waterexchange.com.au)
Then I generated a Certificate Request sent that off to GeoTrust who then
generated the signed certificate.
Then I installed that certificate under 'waterexchange.crt' -
So far so good. Using the openssl I can read the certificate and all the
output seems fine. It has all our details such as the common name etc. as it
should be.
Now -
I have edited the httpd.conf file to point to the new files as above, then
restarted apache httpd using
apachectl restart
httpd restart
...
...
...
In theory, this should set the new certificates in motion ??
But a quick test on the webpage (change http:// to https://) by opening the
certificate info still displays the old stuff.
I thought somehow it might store that info in cache so I tried on other
computers that had never been to the site (at least not the ssl areas)-
tried all
sorts of things - nothing. Old cert.
So I tried =
apachectl stop
apachectl start
and the corresponding commands for httpd but still nothing...
Any ideas???
We are running RedHat / Apache / MOD SSL
I think it's RedHat 7.3 (Had to be for a RADIUS server)
Apache is V 1.3.23-11
openssl is V 0.9.6b-18
Does the original certificate have to run out first??? =
If so - how does that work? If we've referenced to the new certs shouldn't
it load those details...
unless there's a central registry or something...? Perhaps at GeoTrust.?
Anyway - I;m lost any help will be greatly appreciated. : )
A point in the right direction even?
Regards,
Jared Pritchard
Waterexchange Pty. Ltd.
-- next part --
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 2736 bytes
Desc: not available
Url : http://lists.slug.org.au/archives/slug/attachments/20031128/69988264/=
winmail.bin
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug