[colug-432] self-signed cert on the main website.
Chris Punches
chris.punches at silogroup.org
Mon Feb 10 16:29:56 EST 2020
Thanks Russ,
On inspection of the cert being served as well, it looks like it was
issued in '13 and expired in '14, so yeah def not a new thing.
What I do on my sites is I will write a script that will update the
cert for each domain and then kick that off with a cron job when
configuration management is not feasible, and it just takes care of
itself.
Are we in a good spot for something like this? If we are I'd recommend
turning on HSTS or doing an 80->443 redirect to force SSL once it is in
place.
-C
On Mon, 2020-02-10 at 15:45 -0500, R P Herrold wrote:
> On Sat, 8 Feb 2020 00:23:33 -0500, Chris Punches <
> punches.chris at gmail.com> wrote:
>
> > Also I noticed today that we're now using a self-signed cert on the
> > main
>
> '... Now ...'
>
> Those keys have been there for years
>
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
>
> [root at www conf.d]# ls -al /etc/pki/tls/certs/localhost.crt
> /etc/pki/tls/private/localhost.key
> -rw-------. 1 root root 1188 Sep 24 2013
> /etc/pki/tls/certs/localhost.crt
> -rw-------. 1 root root 887 Sep 24 2013
> /etc/pki/tls/private/localhost.key
> [root at www conf.d]#
>
> -- Russ herrold
>
> _______________________________________________
> colug-432 mailing list
> colug-432 at colug.net
> http://lists.colug.net/mailman/listinfo/colug-432
More information about the colug-432
mailing list