Certwatch warning does not contain path

asked 2018-01-20 03:54:06 -0600

mikkol

I have started receiving warnings about expired certificates from the daily cron-run certwatch script. The warnings come from the section certificates in the database. Three certificates have expired, and for each of them, certwatch provides only the nickname of the certificate:

################# SSL Certificate Warning ################

Certificate for hostname 'Certificate Shack', in file (or by nickname): cacert

The certificate needs to be renewed; this can be done using the 'genkey' program.

Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed.

##########################################################

There is not a single file in the system with the name cacert, so the certificate is stored in some other container than a file by that name. How do I regenerate the certificate, who uses it, and how do I make certwatch give me paths?

Thank you.


1 Answer


answered 2018-01-31 07:28:43 -0600

mikkol

Certwatch looks for certificates in files and also in a database called NSS. To find the directory where the NSS database is, enter the following in the terminal:

    /usr/bin/gawk '/^NSSCertificateDatabase/ { print $2 }' /etc/httpd/conf.d/nss.conf

To renew the certificate, enter:

    genkey --days <days for the certificate to be valid> --renew <name of the certificate to renew> --nss

If it is a self-signed certificate, make sure not to send the certificate to a CA when genkey asks you about it.

As for Certificate Shack and Frank Alpha, these seem to be test certificates made by gencert.

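Added example, not part of the original answer: a small script that resolves the NSS database directory from the mod_nss config and then shows the subject and validity dates for a nickname that certwatch reported (such as cacert). The function names `nss_db_dir` and `show_nickname` are made up for this example, the sample config is constructed, and `certutil` from nss-tools is assumed to be installed for the lookup step.

```shell
#!/bin/sh
# Added example (not from the original post): find the NSS database that
# mod_nss uses and show the expiry of a nickname reported by certwatch.

# Print the directory from the NSSCertificateDatabase directive in a mod_nss
# config file. Unlike a bare /^NSSCertificateDatabase/ match, this tolerates
# indentation, skips commented-out lines, and strips optional quotes and an
# optional NSS database-type prefix (sql: or dbm:). Assumes the path has no
# whitespace. Returns non-zero if the directive is absent.
nss_db_dir() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "NSSCertificateDatabase" {
            dir = $2
            gsub(/"/, "", dir)
            sub(/^(sql|dbm):/, "", dir)
            print dir
            found = 1
            exit
        }
        END { exit !found }
    ' "$1"
}

# Show subject and validity dates for one nickname in an NSS database.
# Requires certutil (nss-tools).
show_nickname() {
    certutil -L -d "$1" -n "$2" | grep -E 'Subject:|Not Before|Not After'
}

if [ $# -ge 1 ]; then
    # Usage: sh nss-nick.sh <nickname> [nss.conf]
    conf=${2:-/etc/httpd/conf.d/nss.conf}
    dir=$(nss_db_dir "$conf") || { echo "no NSSCertificateDatabase in $conf" >&2; exit 1; }
    echo "NSS database: $dir"
    show_nickname "$dir" "$1"
else
    # No arguments: parse a constructed sample config so the script runs offline.
    sample=$(mktemp)
    printf '%s\n' '#NSSCertificateDatabase /old/alias' \
                  '  NSSCertificateDatabase "sql:/etc/httpd/alias"' > "$sample"
    echo "sample config resolves to: $(nss_db_dir "$sample")"
    rm -f "$sample"
fi
```

Running `certutil -L -d <dir>` with no `-n` lists every nickname in the database, which helps when certwatch reports several expired entries at once.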


Last updated: Jan 20 '18