How do I update the server ssl certificate?

[PermaNoob]

I saw a reference in the forums to an SSL tab in IspConfig, but I can't locate it.

The reason is I've been getting Server Certificate Expired errors in Thunderbird, and I suspect it's because the certificate expiration was January, 2008, so I probably just need to reset the date.

[till]

Very service has its own cert. For the webinterface, take a look here:

http://www.howtoforge.com/forums/sho...58&postcount=4

For SMTP, take a look at the perfect setup guide for your linux distribution.

[PermaNoob]

I ran this code from the first link: http://www.howtoforge.com/forums/sho...58&postcount=4

Quote:

openssl genrsa -des3 -passout pass:yourpassword -out /root/ispconfig/httpd/conf/ssl.key/server.key2 1024
openssl req -new -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.csr/server.csr -days 365
openssl req -x509 -passin pass:yourpassword -passout pass:yourpassword -key /root/ispconfig/httpd/conf/ssl.key/server.key2 -in /root/ispconfig/httpd/conf/ssl.csr/server.csr -out /root/ispconfig/httpd/conf/ssl.crt/server.crt -days 365
openssl rsa -passin pass:yourpassword -in /root/ispconfig/httpd/conf/ssl.key/server.key2 -out /root/ispconfig/httpd/conf/ssl.key/server.key
chmod 400 /root/ispconfig/httpd/conf/ssl.key/server.key

and got nothing but errors.

Can someone who has done this successfully write noob instructions?

I just need to change the date on the certificate.

[geoffmerritt]

Don't know if I am stating the obvious, I assume that you replaced "yourpassword" with your password

And when I did the initial installation I also change the 365 to 3650 to last 10 years instead of 1

[PermaNoob]

Quote:

Originally Posted by geoffmerritt

Don't know if I am stating the obvious, I assume that you replaced "yourpassword" with your password

And when I did the initial installation I also change the 365 to 3650 to last 10 years instead of 1

By noob instructions I mean instructions where nothing is assumed, which I know is difficult for many of you guys.

Replacing "yourpassword" is not obvious because part of the script might replace it for you.

Should it be a password created for the certificate, the ISPConfig password, or the server root password?

I'm also unsure about the line breaks in the commands.

Access was denied for some commands--do the files have to be chmod'd for write permission or should all the old certificate files just be deleted?

Really, I just need step-by-step instructions by someone who has done it successfully, and I doubt that I'm the only one.

[till]

You have to run the commands as root user. The commands are complete and they work even if you dont replace yourpassword with your own password, its just not very secure if you dont replace it.

As a side node: If you tell us that something does not work and you do not post the error messages, nobody is able to help you.

[PermaNoob]

OK, got it to work.

The script didn't run because notepad was screwing up the line breaks. I switched to gizmo and that fixed that.

Also I was trying to run the whole script at once instead of running it line-by-line. Once I ran it one line at a time, the date changed on the certificate.

For other noobs, restart ISPConfig with /etc/init.d/ispconfig_server restart