[colug-432] self-signed cert on the main website.

Chris Punches chris.punches at silogroup.org
Mon Feb 10 16:29:56 EST 2020


Thanks Russ,

On inspection of the cert being served as well, it looks like it was
issued in '13 and expired in '14, so yeah def not a new thing.

What I do on my sites is I will write a script that will update the
cert for each domain and then kick that off with a cron job when
configuration management is not feasible, and it just takes care of
itself.

Are we in a good spot for something like this?  If we are I'd recommend
turning on HSTS or doing an 80->443 redirect to force SSL once it is in
place.

-C

On Mon, 2020-02-10 at 15:45 -0500, R P Herrold wrote:
> On Sat, 8 Feb 2020 00:23:33 -0500, Chris Punches <punches.chris at gmail.com> wrote:
>  
> > Also I noticed today that we're now using a self-signed cert on the main
> 
> '... Now ...'
> 
> Those keys have been there for years
> 
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
> 
> [root@www conf.d]# ls -al /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key
> -rw-------. 1 root root 1188 Sep 24  2013 /etc/pki/tls/certs/localhost.crt
> -rw-------. 1 root root  887 Sep 24  2013 /etc/pki/tls/private/localhost.key
> [root@www conf.d]#
> 
> -- Russ herrold
> 
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
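
The kind of cron-driven check described in the message above, as an added example that is not part of the original thread: it flags a certificate that is expired, close to expiry, or self-signed, which is what the served localhost.crt turned out to be. The 30-day window and the RENEW_CMD hook are assumptions; the actual renewal step depends on the CA client in use.

```sh
#!/bin/sh
# Added example (not from the thread): decide whether a served certificate
# needs replacing, for use from cron. RENEW_CMD is a hypothetical hook.

# Exit 0 when subject and issuer match (heuristic for a self-signed cert).
cert_is_self_signed() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subject" = "$issuer" ]
}

# Exit 0 when the cert has expired or will expire within $2 seconds.
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Print "ok", "missing", or a space-separated list of problems.
cert_status() {
    cert=$1
    window=${2:-2592000}            # default window: 30 days (assumption)
    [ -r "$cert" ] || { echo missing; return; }
    problems=""
    cert_expires_within "$cert" "$window" && problems="expiring"
    cert_is_self_signed "$cert" && problems="${problems:+$problems }self-signed"
    echo "${problems:-ok}"
}

# Cron entry point: pass certificate paths as arguments.
# Runs RENEW_CMD (if set) for each certificate that is not "ok".
if [ "$#" -gt 0 ]; then
    rc=0
    for path in "$@"; do
        status=$(cert_status "$path")
        [ "$status" = ok ] && continue
        echo "$path: $status" >&2
        if [ -n "${RENEW_CMD:-}" ]; then
            "$RENEW_CMD" "$path" || rc=1
        else
            rc=1
        fi
    done
    exit "$rc"
fi
```

Run from cron with the certificate path from the SSLCertificateFile directive as the argument; a non-zero exit means a certificate still needs attention.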


