Difference between revisions of "Certutil"
From Nuclear Physics Group Documentation Pages
(One intermediate revision by the same user not shown)
Line 1: | Line 1: | ||
− | + | Certutil is a utility put out my mozilla for handling SSL certificates. It is used on roentgen. | |
− | + | = Problems = | |
+ | |||
+ | Sometimes certificates expire. When they do apache crashes. This is how to update the certs and fix the problem. | ||
+ | |||
+ | At the moment this is just the 100 or lines from bash history that were involved in fixing the problem. An actual write up will follow. | ||
+ | |||
+ | 532 man certutil | ||
+ | 533 certutil --help | ||
+ | 534 certutil -H | ||
+ | 535 certutil -d /etc/httpd/alias -L -n Server-Cert | ||
+ | 536 certutil -H | ||
+ | 537 ls | ||
+ | 538 certutil -d /etc/httpd/alias -L -n Server-Cert | ||
+ | 539 cd /etc/httpd/alias/ | ||
+ | 540 ls | ||
+ | 541 certutil -d /etc/httpd/alias -L | ||
+ | 542 certutil -d /etc/httpd/alias -K | ||
+ | 543 certutil -d /etc/httpd/alias -L -n cacert | ||
+ | 544 certutil -d /etc/httpd/alias -K | ||
+ | 545 certutil -d /etc/httpd/alias -L -n alpha | ||
+ | 546 certutil -d /etc/httpd/alias -L -n cacert | ||
+ | 547 certutil -d /etc/httpd/alias -L -n Server-Cert | ||
+ | 548 certutil -d /etc/httpd/alias -L | ||
+ | 549 certutil -d /etc/httpd/alias -L cacert | ||
+ | 550 certutil -d /etc/httpd/alias -L -n cacert | ||
+ | 551 certutil -d /etc/httpd/alias -L | ||
+ | 552 certutil -d /etc/httpd/alias -L -n cacert | ||
+ | 553 certutil -d /etc/httpd/alias -L -K | ||
+ | 554 certutil -d /etc/httpd/alias -K | ||
+ | 555 certutil -d /etc/httpd/alias -R -k "NSS Certificate DB:cacert" -s "CN=Certificate Shack,O=example.com,C=US" -a -o cacert.req | ||
+ | 556 ls | ||
+ | 557 certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12 | ||
+ | 558 ls | ||
+ | 559 certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12 | ||
+ | 560 strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12 | ||
+ | 561 strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12 | ||
+ | 562 certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12 | ||
+ | 563 ls | ||
+ | 564 certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu" | ||
+ | 565 vim cacert.crt | ||
+ | 566 exit | ||
+ | 567 yum -y update | ||
+ | 568 exit | ||
+ | 569 tail -f /var/log/httpd/ssl_error_log | ||
+ | 570 tail -f /var/log/httpd/ssl_request_log | ||
+ | 571 tail -f /var/log/httpd/error_log | ||
+ | 572 tail -f /var/log/httpd/ssl_access_log | ||
+ | 573 tail -f /var/log/httpd/ | ||
+ | 574 exit | ||
+ | 575 ll /etc/init.d/*ssl* | ||
+ | 576 yum update | ||
+ | 577 screen | ||
+ | 578 reboot | ||
+ | 579 ls | ||
+ | 580 history | ||
+ | 581 certutil -d /etc/httpd/alias -L | ||
+ | 582 certutil -d /etc/httpd/alias -L -n Server-Cert | ||
+ | 583 cp -r /etc/httpd/alias/ /etc/httpd/alias.bk | ||
+ | 584 cd /etc/httpd/alias | ||
+ | 585 ls | ||
+ | 586 certutil -d /etc/httpd/alias.bk -L | ||
+ | 587 certutil -D -d /etc/httpd/alias -n cacert | ||
+ | 588 certutil -d /etc/httpd/alias -L | ||
+ | 589 pwd | ||
+ | 590 ls | ||
+ | 591 certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu" | ||
+ | 592 certutil -d /etc/httpd/alias -L | ||
+ | 593 certutil -d /etc/httpd/alias -L -n cacert | ||
+ | 594 certutil -d /etc/httpd/alias -L -n Server-Cert | ||
+ | 595 ls | ||
+ | 596 certutil -d /etc/httpd/alias -K | ||
+ | 597 certutil -d /etc/httpd/alias -R -k "NSS Certificate DB:Server-Cert" -c "CN=Certificate Shack,O=example.com,C=US" -s "CN=roentgen.unh.edu,O=example.com,C=US" -a -o Server-Cert.req | ||
+ | 598 certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 1 -v 12 | ||
+ | 599 certutil -D -d /etc/httpd/alias -n Server-Cert | ||
+ | 600 certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u" | ||
+ | 601 certutil -d /etc/httpd/alias -L | ||
+ | 602 certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 3 -v 12 | ||
+ | 603 certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u" | ||
+ | 604 certutil -d /etc/httpd/alias -L | ||
+ | 605 certutil -d /etc/httpd/alias -L -n Server-Cert | ||
+ | 606 cd .. | ||
+ | 607 ls | ||
+ | 608 cd conf | ||
+ | 609 ls | ||
+ | 610 cd ../conf.d/ | ||
+ | 611 ls | ||
+ | 612 vim nss.conf | ||
+ | 613 /etc/init.d/httpd restart | ||
+ | 614 vim nss.conf | ||
+ | 615 updatedb | ||
+ | 616 cd /etc/httpd/alias | ||
+ | 617 certutil -V -n cacert -u SR -e -l -d /etc/httpd/alias | ||
+ | 618 certutil -V -n alpha -u SR -e -l -d /etc/httpd/alias | ||
+ | 619 certutil -V -n Server-Cert -u SR -e -l -d /etc/httpd/alias | ||
+ | 620 shutdown -h now | ||
+ | 621 iptables -L -n | ||
+ | 622 exit |
Latest revision as of 16:10, 30 October 2012
Certutil is a utility put out by Mozilla for handling SSL certificates. It is used on roentgen.
Problems
Sometimes certificates expire. When they do, Apache crashes. This is how to update the certs and fix the problem.
At the moment this is just the 100 or so lines from bash history that were involved in fixing the problem. An actual write-up will follow.
# Raw bash history (entries 532-622) from the work of re-issuing the expired
# certificates held in the NSS database /etc/httpd/alias. The leading number
# on each line is the history index, not part of the command. This is a
# transcript, not a script: it includes retries, typos and unrelated
# housekeeping, so read it as a record of what was tried.

# --- Look up the options and inspect the database ---
# -L lists the certificates in the database given by -d; -L -n NAME prints one
# certificate; -K lists the private keys. The nicknames queried below are
# Server-Cert, cacert and alpha.
532 man certutil
533 certutil --help
534 certutil -H
535 certutil -d /etc/httpd/alias -L -n Server-Cert
536 certutil -H
537 ls
538 certutil -d /etc/httpd/alias -L -n Server-Cert
539 cd /etc/httpd/alias/
540 ls
541 certutil -d /etc/httpd/alias -L
542 certutil -d /etc/httpd/alias -K
543 certutil -d /etc/httpd/alias -L -n cacert
544 certutil -d /etc/httpd/alias -K
545 certutil -d /etc/httpd/alias -L -n alpha
546 certutil -d /etc/httpd/alias -L -n cacert
547 certutil -d /etc/httpd/alias -L -n Server-Cert
548 certutil -d /etc/httpd/alias -L
# 549 leaves out -n before the nickname; 550 repeats it with -n.
549 certutil -d /etc/httpd/alias -L cacert
550 certutil -d /etc/httpd/alias -L -n cacert
551 certutil -d /etc/httpd/alias -L
552 certutil -d /etc/httpd/alias -L -n cacert
# 553 passes two command options (-L and -K) at once; 554 repeats with -K only.
553 certutil -d /etc/httpd/alias -L -K
554 certutil -d /etc/httpd/alias -K

# --- Re-issue the local CA certificate (nickname cacert) ---
# -R writes a certificate request (-a ASCII, -o output file, -s subject).
# NOTE(review): -k is given a key name here, presumably to reuse the existing
# CA key instead of generating a new one; confirm against `certutil -H`.
# The relative file names land in the current directory, which is
# /etc/httpd/alias since entry 539.
555 certutil -d /etc/httpd/alias -R -k "NSS Certificate DB:cacert" -s "CN=Certificate Shack,O=example.com,C=US" -a -o cacert.req
556 ls
# -C issues a certificate from the request, signed by the issuer named with -c.
# The issuer is cacert itself, so the CA certificate is re-signed with its own
# key. -m sets the serial number and -v the validity in months, so this
# certificate expires again 12 months later and the expiry date should be
# tracked.
# 557, 559 and 560 have no -o; presumably the certificate went to stdout, which
# is why the `ls` calls around them and the strace run precede the -o variant.
557 certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
558 ls
559 certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
560 strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
561 strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12
562 certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12
563 ls
# -A imports a certificate under the nickname given by -n. -t takes three
# comma-separated trust fields (SSL, e-mail, object signing): C = trusted CA,
# T = trusted CA for client authentication, u = user certificate.
564 certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu"
565 vim cacert.crt
566 exit

# --- Unrelated to the certificate work: package update, log checks, reboot ---
567 yum -y update
568 exit
569 tail -f /var/log/httpd/ssl_error_log
570 tail -f /var/log/httpd/ssl_request_log
571 tail -f /var/log/httpd/error_log
572 tail -f /var/log/httpd/ssl_access_log
573 tail -f /var/log/httpd/
574 exit
575 ll /etc/init.d/*ssl*
576 yum update
577 screen
578 reboot
579 ls
580 history

# --- Back up the database, then replace cacert ---
581 certutil -d /etc/httpd/alias -L
582 certutil -d /etc/httpd/alias -L -n Server-Cert
# The backup is taken only here, after the import at 564 had already modified
# the database, so alias.bk is not a copy of the original state.
# alias.bk is a second copy of the private key database: keep its permissions
# as tight as the original's and remove it once the renewal is confirmed.
583 cp -r /etc/httpd/alias/ /etc/httpd/alias.bk
584 cd /etc/httpd/alias
585 ls
586 certutil -d /etc/httpd/alias.bk -L
# -D deletes the certificate stored under the nickname; 591 imports the new one.
587 certutil -D -d /etc/httpd/alias -n cacert
588 certutil -d /etc/httpd/alias -L
589 pwd
590 ls
591 certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu"
592 certutil -d /etc/httpd/alias -L
593 certutil -d /etc/httpd/alias -L -n cacert
594 certutil -d /etc/httpd/alias -L -n Server-Cert
595 ls
596 certutil -d /etc/httpd/alias -K

# --- Re-issue the server certificate (nickname Server-Cert) ---
# NOTE(review): -c is the issuer option of -C; its effect on -R is not visible
# here and it is presumably ignored. Confirm before copying this line.
597 certutil -d /etc/httpd/alias -R -k "NSS Certificate DB:Server-Cert" -c "CN=Certificate Shack,O=example.com,C=US" -s "CN=roentgen.unh.edu,O=example.com,C=US" -a -o Server-Cert.req
# 598 signs with serial -m 1, the serial already given to the cacert
# certificate issued by the same CA at 562.
598 certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 1 -v 12
599 certutil -D -d /etc/httpd/alias -n Server-Cert
600 certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u"
601 certutil -d /etc/httpd/alias -L
# 602 re-signs the same request with serial -m 3. NOTE(review): likely because
# NSS rejects two certificates from one issuer that share a serial number; give
# every certificate a unique serial.
602 certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 3 -v 12
# 603 imports the serial-3 certificate with no -D of the serial-1 certificate
# imported at 600; check the -L output for a stale entry under the nickname.
603 certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u"
604 certutil -d /etc/httpd/alias -L
605 certutil -d /etc/httpd/alias -L -n Server-Cert

# --- Edit the Apache NSS configuration and restart httpd ---
# The history does not record what was changed in nss.conf.
606 cd ..
607 ls
608 cd conf
609 ls
610 cd ../conf.d/
611 ls
612 vim nss.conf
613 /etc/init.d/httpd restart
614 vim nss.conf
615 updatedb

# --- Validate the certificates ---
# -V validates the certificate named by -n; -e also checks its signature and
# -l prints detailed results. -u selects the usage to validate for: S and R are
# the e-mail signer and e-mail recipient usages, while the SSL server usage is
# V, so these runs do not test the certificates for the use Apache makes of
# them.
616 cd /etc/httpd/alias
617 certutil -V -n cacert -u SR -e -l -d /etc/httpd/alias
618 certutil -V -n alpha -u SR -e -l -d /etc/httpd/alias
619 certutil -V -n Server-Cert -u SR -e -l -d /etc/httpd/alias

# --- Not part of the procedure ---
# A halt followed by more commands suggests these entries span more than one
# login session.
620 shutdown -h now
621 iptables -L -n
622 exit