Difference between revisions of "Certutil"

From Nuclear Physics Group Documentation Pages
Jump to navigationJump to search
 
Line 4: Line 4:
  
 
Sometimes certificates expire. When they do apache crashes. This is how to update the certs and fix the problem.
 
Sometimes certificates expire. When they do apache crashes. This is how to update the certs and fix the problem.
 +
 +
At the moment this is just the 100 or lines from bash history that were involved in fixing the problem. An actual write up will follow.
  
 
   532  man certutil
 
   532  man certutil

Latest revision as of 16:10, 30 October 2012

Certutil is a utility put out my mozilla for handling SSL certificates. It is used on roentgen.

Problems

Sometimes certificates expire. When they do apache crashes. This is how to update the certs and fix the problem.

At the moment this is just the 100 or lines from bash history that were involved in fixing the problem. An actual write up will follow.

 532  man certutil
 533  certutil --help
 534  certutil -H
 535  certutil -d /etc/httpd/alias -L -n Server-Cert
 536  certutil -H
 537  ls
 538  certutil -d /etc/httpd/alias -L -n Server-Cert
 539  cd /etc/httpd/alias/
 540  ls
 541  certutil -d /etc/httpd/alias -L
 542  certutil -d /etc/httpd/alias -K
 543  certutil -d /etc/httpd/alias -L -n cacert
 544  certutil -d /etc/httpd/alias -K
 545  certutil -d /etc/httpd/alias -L -n alpha
 546  certutil -d /etc/httpd/alias -L -n cacert
 547  certutil -d /etc/httpd/alias -L -n Server-Cert
 548  certutil -d /etc/httpd/alias -L
 549  certutil -d /etc/httpd/alias -L cacert
 550  certutil -d /etc/httpd/alias -L -n cacert
 551  certutil -d /etc/httpd/alias -L
 552  certutil -d /etc/httpd/alias -L -n cacert
 553  certutil -d /etc/httpd/alias -L -K
 554  certutil -d /etc/httpd/alias -K
 555  certutil  -d /etc/httpd/alias -R -k "NSS Certificate DB:cacert" -s "CN=Certificate Shack,O=example.com,C=US" -a -o cacert.req
 556  ls
 557  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req  -t "TCu,Cu,Cu" -m 1 -v 12
 558  ls
 559  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
 560  strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -m 1 -v 12
 561  strace certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12
 562  certutil -C -d /etc/httpd/alias -c "cacert" -a -i cacert.req -t "TCu,Cu,Cu" -o cacert.crt -m 1 -v 12
 563  ls
 564  certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu"
 565  vim cacert.crt 
 566  exit
 567  yum -y update
 568  exit
 569  tail -f /var/log/httpd/ssl_error_log
 570  tail -f /var/log/httpd/ssl_request_log 
 571  tail -f /var/log/httpd/error_log
 572  tail -f /var/log/httpd/ssl_access_log 
 573  tail -f /var/log/httpd/
 574  exit
 575  ll /etc/init.d/*ssl*
 576  yum update
 577  screen
 578  reboot
 579  ls
 580  history
 581  certutil -d /etc/httpd/alias -L
 582  certutil -d /etc/httpd/alias -L -n Server-Cert
 583  cp -r /etc/httpd/alias/ /etc/httpd/alias.bk
 584  cd /etc/httpd/alias
 585  ls
 586  certutil -d /etc/httpd/alias.bk -L
 587  certutil -D -d /etc/httpd/alias -n cacert
 588  certutil -d /etc/httpd/alias -L
 589  pwd
 590  ls
 591  certutil -A -d /etc/httpd/alias -n "cacert" -a -i cacert.crt -t "TCu,Cu,Cu"
 592  certutil -d /etc/httpd/alias -L
 593  certutil -d /etc/httpd/alias -L -n cacert
 594  certutil -d /etc/httpd/alias -L -n Server-Cert
 595  ls
 596  certutil -d /etc/httpd/alias -K
 597  certutil  -d /etc/httpd/alias -R -k "NSS Certificate DB:Server-Cert" -c "CN=Certificate Shack,O=example.com,C=US" -s "CN=roentgen.unh.edu,O=example.com,C=US" -a -o Server-Cert.req
 598  certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 1 -v 12
 599  certutil -D -d /etc/httpd/alias -n Server-Cert
 600  certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u"
 601  certutil -d /etc/httpd/alias -L
 602  certutil -C -d /etc/httpd/alias -c "cacert" -a -i Server-Cert.req -t "u,u,u" -o Server-Cert.crt -m 3 -v 12
 603  certutil -A -d /etc/httpd/alias -n "Server-Cert" -a -i Server-Cert.crt -t "u,u,u"
 604  certutil -d /etc/httpd/alias -L
 605  certutil -d /etc/httpd/alias -L -n Server-Cert
 606  cd ..
 607  ls
 608  cd conf
 609  ls
 610  cd ../conf.d/
 611  ls
 612  vim nss.conf
 613  /etc/init.d/httpd restart
 614  vim nss.conf
 615  updatedb
 616  cd /etc/httpd/alias
 617  certutil -V -n cacert -u SR -e -l -d /etc/httpd/alias
 618  certutil -V -n alpha -u SR -e -l -d /etc/httpd/alias
 619  certutil -V -n Server-Cert -u SR -e -l -d /etc/httpd/alias
 620  shutdown -h now
 621  iptables -L -n
 622  exit