Blog Archives

Renew a self-signed certificate with Eisfair

Go to Service Administration->Certs Service->Manage certificates. The script provides a menu to select the certificate and the its operations. Choose the certificate (1), like webserver or mailserver. Choose option 11 to renew the certificate request. Follow the screen output. Select 12 to sign the request with the CA certificate. Choose option 14 to create a new certificate and to copy it on the right place. Restart your webserver or mailserver process (/etc/init.d/).

If you have one certificate for multiple namebased hosts on your webserver, you shouldn’t select option 12. Instead follow the instructions on this blog entry: .

SSL certificates for namebased virtual hosts

I have read a post on Waffel’s Blog how you can setup a certificate for multiple namebased servers on Apache. It is simple to manage within Eisfair.

  • Choose “Service Administration” -> “Certs service” and select “Manage certificates”.
  • Now enter “1” for key type and choose your webserver.
  • Select “11” to create a new certificate request. The request will be stored to /usr/local/ssl/csr/apache.csr.
  • Open another terminal and switch to /usr/local/ssl
  • Create an extension file extension.txt using vi, as described in Waffel’s blog and enter your server names at the end.
  • Execute openssl x509 -req -days 365 -in apache.csr -signkey private/apache.key -out newcerts/apache.crt -extfile extension.txt -extensions mydomain_http
  • Select “14” (Manage certificates) to create a .pem file from the new certificate.
  • Use apache as SSL_CERT_NAME on the Apache configuration for every virtual server which you have included into extension.txt