- To hell with the pig... I'm going to Switzerland.

SSL Certificate Expiration (Friday, March 16, 2007)

Well, leave it to me to go three days without noticing that my SSL certificate for had expired. So, I go to renew it — it's signed by my own root CA, so this should be quick and painless. When I realize that the toolkit I have for creating and signing certificates with OpenSSL, doesn't actually contain a script or explanation for renewing an expired certificate. After much screwing around, I was fortunate to come across an explanation on Mark Foster's site, which includes a script for renewing server certificates. Basically you have to revoke the old cert, and then re-sign it. I knew it was something like that, but Mark kindly made it clear. And now that I have the tools, and have recorded the process in my engineering notebook, I'll be well prepared to deal with this in 364 days, when I need to do it all over again!

—Brian (3/16/2007 01:40 AM)


No comments.

(no html)

Disclaimer: Opinions on this site are those of Brian Ziman and do not necessarily
reflect the views of any other organizations or businesses mentioned.