Ticket #2351 (closed defect: fixed)
[with positive review] sagenb.org SSL certificate is expired
| Reported by: | jason | Owned by: | mabshoff |
|---|---|---|---|
| Priority: | blocker | Milestone: | sage-3.0.3 |
| Component: | website/wiki | Keywords: | |
| Cc: | Work issues: | ||
| Report Upstream: | Reviewers: | ||
| Authors: | Merged in: | ||
| Dependencies: | Stopgaps: |
Description
The certificate expired earlier in February 2008.
It seems that the certificate was only good for a month.
Change History
comment:2 Changed 5 years ago by jason
From http://www.apache-ssl.org/
Now I've got my server installed, how do I create a test certificate? Step one - create the key and request: openssl req -new > new.cert.csr Step two - remove the passphrase from the key (optional): openssl rsa -in privkey.pem -out new.cert.key Step three - convert request into signed cert: openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 365 The Apache-SSL directives that you need to use the resulting cert are: SSLCertificateFile /path/to/certs/new.cert.cert SSLCertificateKeyFile /path/to/certs/new.cert.key How do I create a client certificate? Step one - create a CA certificate/key pair, as above. Step two - sign the client request with the CA key: openssl x509 -req -in client.cert.csr -out client.cert.cert -signkey my.CA.key -CA my.CA.cert -CAkey my.CA.key -CAcreateserial -days 365 Step three - issue the file 'client.cert.cert' to the requester. The Apache-SSL directives that you need to validate against this cert are: SSLCACertificateFile /path/to/certs/my.CA.cert SSLVerifyClient 2
comment:3 Changed 5 years ago by mabshoff
This is still a problem, at least according to Firefox 3.0b4:
Secure Connection Failed sagenb.com uses an invalid security certificate. The certificate is not trusted because it is self signed. The certificate is only valid for www.sagenb.org. The certificate expired on 02/20/2008 06:22 AM. (Error code: sec_error_expired_issuer_certificate)
comment:4 Changed 5 years ago by mabshoff
- Priority changed from major to blocker
- Milestone changed from sage-3.0 to sage-2.11
comment:5 Changed 5 years ago by was
You have to fix this on sagemath.org by editing files in /etc/apache-ssl, I think.
comment:6 Changed 5 years ago by was
I may have just fixed this by typing
sage:/etc/apache-ssl# openssl req -new -x509 -days 365 -nodes -out apache.pem -keyout apache.pem
on sage.math.washington.edu. Can somebody check if the certificate is now no longer expired. If so, this ticket can be closed.
comment:7 Changed 5 years ago by mabshoff
I still get after a clearing of the cache and a couple reloads:
www.sagenb.org uses an invalid security certificate. The certificate is not trusted because it is self signed. The certificate expired on 02/20/2008 06:22 AM. (Error code: sec_error_expired_issuer_certificate)
Maybe you need to restart the webserver?
Cheers,
Michael
comment:8 Changed 5 years ago by robertwb
I am also getting an error because the certificate is issued to "William Stein" rather than "sagenb.org"
comment:9 Changed 5 years ago by mabshoff
Well, I both points have been addressed:
- the certificate is now sigened by www.sagenb.org
- it no longer is expired
But since the certificate will expire a month after creation, i.e. 7/2/2008 we might want to create a certificate valid for longer than a months :)
Cheers,
Michael
comment:10 Changed 5 years ago by mabshoff
- Owner changed from was to mabshoff
- Status changed from new to assigned
I created a new ticket that will expire in 06/08/2013, so I consider this closed.
Cheers,
Michael
comment:11 Changed 5 years ago by gfurnish
- Summary changed from sagenb.org SSL certificate is expired to [with positive review] sagenb.org SSL certificate is expired
verified
comment:12 Changed 5 years ago by mabshoff
- Status changed from assigned to closed
- Resolution set to fixed
Fixed during the Sage 3.0.3 release cycle.
Cheers,
Michael
This requires somehow updating the apache-ssl certificate on sage.math and restarting apachessl. This happens in
on sage.math.