How do I re-issue OpenSSL snakeoil cert?

openssh

In light of the recent heartbleed fiasco and whatnot I too have been scrambling to up security on some servers. My question is how do I reissue the Snakeoil cert that comes with Openssl?

The cert that it is currently using was issued in 2012, so clearly before this incident. So it seems like the protocol here is to reissue all certs and I cant find info on how to do so for snakeoil.

I am the only one who uses that cert, for PHPmyadmin, so do I even need to update it?


You can use this one-liner to regenerate both files in one shot. You'll need to restart Apache after the cert has been re-created.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem

If you're at all concerned about security (and you should be), then you should regenerate certificates on all affected critical servers, followed by an exhaustive service restart or a system reboot.

If you're just running a play-around box on your LAN that's one thing, but anything you've got on the internet you should definitely reissue.


Here I found that there is this command:

sudo make-ssl-cert generate-default-snakeoil --force-overwrite

Related

how to stop tomcat7 in ubuntu?
How can I copy files with duplicate filenames into one directory and retain both files by having the duplicate(s) rename automatically?
Convert Text File Encoding
Where do I set-up a screen saver in Xubuntu 15.10?
How to programmatically determine DPI of images in PDF file?
Get email notification for using 'sudo' by a specific user
How can I prevent nohup from creating the file ~/nohup.out?
Difference between ESTABLISHED and LISTENING [duplicate]
What are xhost and xhost +si?
Distorted headphone sound when using Skype for Linux
Switch user not working in 17.10
Are the DigiNotar certificates supposed to be present in Firefox in a clean install?