Difference between revisions of "Certutil"
| Line 1: | Line 1: | ||
| − | =  | + | Certutil is a utility put out my mozilla for handling SSL certificates. It is used on roentgen. | 
| + | |||
| + | = Problems = | ||
| + | |||
| + | Sometimes certificates expire. When they do apache crashes. This is how to update the certs and fix the problem. | ||
| − | + |   532  man certutil | |
| + |   533  certutil --help | ||
| + |   534  certutil -H | ||
| + |   535  certutil -d /etc/httpd/alias -L -n Server-Cert | ||
| + |   536  certutil -H | ||
| + |   537  ls | ||
| + |   538  certutil -d /etc/httpd/alias -L -n Server-Cert | ||
| + |   539  cd /etc/httpd/alias/ | ||
| + |   540  ls | ||
| + |   541  certutil -d /etc/httpd/alias -L | ||
| + |   542  certutil -d /etc/httpd/alias -K | ||
| + |   543  certutil -d /etc/httpd/alias -L -n cacert | ||
| + |   544  certutil -d /etc/httpd/alias -K | ||
| + |   545  certutil -d /etc/httpd/alias -L -n alpha | ||
| + |   546  certutil -d /etc/httpd/alias -L -n cacert | ||
| + |   547  certutil -d /etc/httpd/alias -L -n Server-Cert | ||
| + |   548  certutil -d /etc/httpd/alias -L | ||
| + |   549  certutil -d /etc/httpd/alias -L cacert | ||
| + |   550  certutil -d /etc/httpd/alias -L -n cacert | ||
| + |   551  certutil -d /etc/httpd/alias -L | ||
| + |   552  certutil -d /etc/httpd/alias -L -n cacert | ||
| + |   553  certutil -d /etc/httpd/alias -L -K | ||
| + |   554  certutil -d /etc/httpd/alias -K | ||
| + |   555  certutil  -d /etc/httpd/alias -R -k "NSS Certificate DB:cacert" -s "CN=Certificate Shack,O=example.com,C=US" -a -o cacert.req | ||
| + |   556  ls | ||
| + |   557  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req  -t "TCu,Cu,Cu" -m 1 -v 12 | ||
| + |   558  ls | ||
| + |   559  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12 | ||
| + |   560  strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12 | ||
| + |   561  strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12 | ||
| + |   562  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12 | ||
| + |   563  ls | ||
| + |   564  certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu" | ||
| + |   565  vim cacert.crt  | ||
| + |   566  exit | ||
| + |   567  yum -y update | ||
| + |   568  exit | ||
| + |   569  tail -f /var/log/httpd/ssl_error_log | ||
| + |   570  tail -f /var/log/httpd/ssl_request_log  | ||
| + |   571  tail -f /var/log/httpd/error_log | ||
| + |   572  tail -f /var/log/httpd/ssl_access_log  | ||
| + |   573  tail -f /var/log/httpd/ | ||
| + |   574  exit | ||
| + |   575  ll /etc/init.d/*ssl* | ||
| + |   576  yum update | ||
| + |   577  screen | ||
| + |   578  reboot | ||
| + |   579  ls | ||
| + |   580  history | ||
| + |   581  certutil -d /etc/httpd/alias -L | ||
| + |   582  certutil -d /etc/httpd/alias -L -n Server-Cert | ||
| + |   583  cp -r /etc/httpd/alias/ /etc/httpd/alias.bk | ||
| + |   584  cd /etc/httpd/alias | ||
| + |   585  ls | ||
| + |   586  certutil -d /etc/httpd/alias.bk -L | ||
| + |   587  certutil -D -d /etc/httpd/alias -n cacert | ||
| + |   588  certutil -d /etc/httpd/alias -L | ||
| + |   589  pwd | ||
| + |   590  ls | ||
| + |   591  certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu" | ||
| + |   592  certutil -d /etc/httpd/alias -L | ||
| + |   593  certutil -d /etc/httpd/alias -L -n cacert | ||
| + |   594  certutil -d /etc/httpd/alias -L -n Server-Cert | ||
| + |   595  ls | ||
| + |   596  certutil -d /etc/httpd/alias -K | ||
| + |   597  certutil  -d /etc/httpd/alias -R -k "NSS Certificate DB:Server-Cert" -c "CN=Certificate Shack,O=example.com,C=US" -s "CN=roentgen.unh.edu,O=example.com,C=US" -a -o Server-Cert.req | ||
| + |   598  certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 1 -v 12 | ||
| + |   599  certutil -D -d /etc/httpd/alias -n Server-Cert | ||
| + |   600  certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u" | ||
| + |   601  certutil -d /etc/httpd/alias -L | ||
| + |   602  certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 3 -v 12 | ||
| + |   603  certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u" | ||
| + |   604  certutil -d /etc/httpd/alias -L | ||
| + |   605  certutil -d /etc/httpd/alias -L -n Server-Cert | ||
| + |   606  cd .. | ||
| + |   607  ls | ||
| + |   608  cd conf | ||
| + |   609  ls | ||
| + |   610  cd ../conf.d/ | ||
| + |   611  ls | ||
| + |   612  vim nss.conf | ||
| + |   613  /etc/init.d/httpd restart | ||
| + |   614  vim nss.conf | ||
| + |   615  updatedb | ||
| + |   616  cd /etc/httpd/alias | ||
| + |   617  certutil -V -n cacert -u SR -e -l -d /etc/httpd/alias | ||
| + |   618  certutil -V -n alpha -u SR -e -l -d /etc/httpd/alias | ||
| + |   619  certutil -V -n Server-Cert -u SR -e -l -d /etc/httpd/alias | ||
| + |   620  shutdown -h now | ||
| + |   621  iptables -L -n | ||
| + |   622  exit | ||
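Review bot: The added listing is raw `history` output rather than a procedure, so a reader who follows it top to bottom also runs `yum -y update` (567), `reboot` (578) and `shutdown -h now` (620), plus the repeated attempts at 557–561. The entries that appear to perform the renewal are 583 (backup), 555/562 and 587/591 for `cacert`, 597–603 for `Server-Cert`, 613 (restart) and 617–619 (verification); the page would be safer if it listed only those, each with a one-line comment on what it does. One comment worth adding: 598 signs the server certificate with `-m 1`, the serial already given to `cacert` at 562, and the signing is redone with `-m 3` at 602, presumably because one issuer must not hand out the same serial number twice. Another: `cp -r /etc/httpd/alias/ /etc/httpd/alias.bk` at 583 copies the key database along with the certificates, so the backup should keep the original ownership and mode (`cp -a`) and be removed once the new certificates verify.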
Revision as of 15:59, 30 October 2012
Certutil is a utility put out by Mozilla for handling SSL certificates. It is used on roentgen.
Problems
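Sometimes certificates expire. When they do, Apache crashes. This is how to update the certs and fix the problem. The listing below is raw shell history from that session, so it includes exploratory, repeated and unrelated commands (for example `yum update`, `reboot` and `shutdown -h now`) alongside the steps that renew the certificates.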
  532  man certutil
  533  certutil --help
  534  certutil -H
  535  certutil -d /etc/httpd/alias -L -n Server-Cert
  536  certutil -H
  537  ls
  538  certutil -d /etc/httpd/alias -L -n Server-Cert
  539  cd /etc/httpd/alias/
  540  ls
  541  certutil -d /etc/httpd/alias -L
  542  certutil -d /etc/httpd/alias -K
  543  certutil -d /etc/httpd/alias -L -n cacert
  544  certutil -d /etc/httpd/alias -K
  545  certutil -d /etc/httpd/alias -L -n alpha
  546  certutil -d /etc/httpd/alias -L -n cacert
  547  certutil -d /etc/httpd/alias -L -n Server-Cert
  548  certutil -d /etc/httpd/alias -L
  549  certutil -d /etc/httpd/alias -L cacert
  550  certutil -d /etc/httpd/alias -L -n cacert
  551  certutil -d /etc/httpd/alias -L
  552  certutil -d /etc/httpd/alias -L -n cacert
  553  certutil -d /etc/httpd/alias -L -K
  554  certutil -d /etc/httpd/alias -K
  555  certutil  -d /etc/httpd/alias -R -k "NSS Certificate DB:cacert" -s "CN=Certificate Shack,O=example.com,C=US" -a -o cacert.req
  556  ls
  557  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req  -t "TCu,Cu,Cu" -m 1 -v 12
  558  ls
  559  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
  560  strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
  561  strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12
  562  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12
  563  ls
  564  certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu"
  565  vim cacert.crt
  566  exit
  567  yum -y update
  568  exit
  569  tail -f /var/log/httpd/ssl_error_log
  570  tail -f /var/log/httpd/ssl_request_log
  571  tail -f /var/log/httpd/error_log
  572  tail -f /var/log/httpd/ssl_access_log
  573  tail -f /var/log/httpd/
  574  exit
  575  ll /etc/init.d/*ssl*
  576  yum update
  577  screen
  578  reboot
  579  ls
  580  history
  581  certutil -d /etc/httpd/alias -L
  582  certutil -d /etc/httpd/alias -L -n Server-Cert
  583  cp -r /etc/httpd/alias/ /etc/httpd/alias.bk
  584  cd /etc/httpd/alias
  585  ls
  586  certutil -d /etc/httpd/alias.bk -L
  587  certutil -D -d /etc/httpd/alias -n cacert
  588  certutil -d /etc/httpd/alias -L
  589  pwd
  590  ls
  591  certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu"
  592  certutil -d /etc/httpd/alias -L
  593  certutil -d /etc/httpd/alias -L -n cacert
  594  certutil -d /etc/httpd/alias -L -n Server-Cert
  595  ls
  596  certutil -d /etc/httpd/alias -K
  597  certutil  -d /etc/httpd/alias -R -k "NSS Certificate DB:Server-Cert" -c "CN=Certificate Shack,O=example.com,C=US" -s "CN=roentgen.unh.edu,O=example.com,C=US" -a -o Server-Cert.req
  598  certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 1 -v 12
  599  certutil -D -d /etc/httpd/alias -n Server-Cert
  600  certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u"
  601  certutil -d /etc/httpd/alias -L
  602  certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 3 -v 12
  603  certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u"
  604  certutil -d /etc/httpd/alias -L
  605  certutil -d /etc/httpd/alias -L -n Server-Cert
  606  cd ..
  607  ls
  608  cd conf
  609  ls
  610  cd ../conf.d/
  611  ls
  612  vim nss.conf
  613  /etc/init.d/httpd restart
  614  vim nss.conf
  615  updatedb
  616  cd /etc/httpd/alias
  617  certutil -V -n cacert -u SR -e -l -d /etc/httpd/alias
  618  certutil -V -n alpha -u SR -e -l -d /etc/httpd/alias
  619  certutil -V -n Server-Cert -u SR -e -l -d /etc/httpd/alias
  620  shutdown -h now
  621  iptables -L -n
  622  exit
