Certwatch warning does not contain path

asked 2018-01-20 03:54:06 -0500

mikkol
73 ●1 ●3 ●8

I have started receiving warnings about expired certificates from the daily cron-run certwatch script. The warnings come from the section certificates in the database. Three certificates have expired, and for each of them, certwatch provides only the nickname of the certificate:

################# SSL Certificate Warning ################

Certificate for hostname 'Certificate Shack', in file (or by nickname): cacert

The certificate needs to be renewed; this can be done using the 'genkey' program.

Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed.

##########################################################

There is not a single file in the system with the name cacert, so the certificate is stored in some other container than a file by that name. How do I regenerate the certificate, who uses it, and how do I make certwatch give me paths?

Thank you.

edit retag flag offensive close merge delete

add a comment

answered 2018-01-31 07:28:43 -0500

mikkol
73 ●1 ●3 ●8

Certwatch looks for certificates in files and also in a database called NSS. To find the directory where the NSS database is, enter /usr/bin/gawk '/^NSSCertificateDatabase/ { print $2 }' /etc/httpd/conf.d/nss.conf in the terminal.

To renew the certificate, enter genkey --days <days for the certificate to be valid> --renew <name of the certificate to renew> --nss.

If it is a self-signed certificate, make sure not to send the certificate to a CA when genkey asks you about it.

As for Certificate Shack and Frank Alpha, these seem to be test certificates made by gencert.

edit flag offensive delete link

add a comment

Certwatch warning does not contain path

1 Answer

Question Tools

Stats

Related questions

Certwatch warning does not contain path edit

1 Answer

Question Tools

Stats

Related questions

Certwatch warning does not contain path