Question

21

How do I re-issue OpenSSL snakeoil cert?

rated 0 times [ 21] [ 0] / answers: 1 / hits: 8367 / 2 Years ago, sun, march 13, 2022, 1:52:26

In light of the recent heartbleed fiasco and whatnot I too have been scrambling to up security on some servers. My question is how do I reissue the Snakeoil cert that comes with Openssl?

The cert that it is currently using was issued in 2012, so clearly before this incident. So it seems like the protocol here is to reissue all certs and I cant find info on how to do so for snakeoil.

I am the only one who uses that cert, for PHPmyadmin, so do I even need to update it?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

deringach

Add To Favorites

Follow

Total Points: 412

Total Questions: 107

Total Answers: 101

Location: Palestine

Member since Tue, Jul 20, 2021

3 Years ago

deringach questions

1 Tiny cursor in Firefox snap

Sat, Oct 30, 21, 17:38, 3 Years ago

1 How uninstall GitHub CLI in ubuntu 20.04

Fri, Oct 21, 22, 16:34, 2 Years ago

1 How to preserve mysql 5.7 install, avoiding future upgrade to mysql 8

Tue, Feb 1, 22, 07:45, 2 Years ago

1 Disable RST for Installing ubuntu 20.4 Dual boot

Tue, Feb 15, 22, 22:33, 2 Years ago

1 Kubuntu failed to run Davinci Resolve

Tue, Feb 7, 23, 03:57, 1 Year ago

View All

answered 2 Years ago tresein · Accepted Answer

You can use this one-liner to regenerate both files in one shot. You'll need to restart Apache after the cert has been re-created.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem

If you're at all concerned about security (and you should be), then you should regenerate certificates on all affected critical servers, followed by an exhaustive service restart or a system reboot.

If you're just running a play-around box on your LAN that's one thing, but anything you've got on the internet you should definitely reissue.