How to re-sign the certificate
GlobalSign
We can't use StartCom anymore (see https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/), so we asked GlobalSign and it has kindly agreed to sponsor a certificate.
The certificate can be requested at the following URL: https://www.globalsign.com/en/ssl/ssl-open-source/ .
Obsolete
See http://www.midnight-commander.org/ticket/2578 for details.
If you want to create new private key, run:
openssl genrsa -out midnight-commander.org.key 2048
If you want just re-sign certificate, get the private key from m-c.o server (placed by path /etc/pki/tls/private/midnight-commander.org.key) and run the command:
DOMAIN_NAME="www.midnight-commander.org" expect -c ' set timeout -1 spawn openssl req -new -key midnight-commander.org.key -out midnight-commander.org.csr match_max 100000 expect "Country Name" send -- "MC\r" expect "State or Province Name" send -- "'${DOMAIN_NAME}'\r" expect "Locality Name" send -- "'${DOMAIN_NAME}'\r" expect "Organization Name" send -- "'${DOMAIN_NAME}'\r" expect "Organizational Unit Name" send -- "'${DOMAIN_NAME}'\r" expect "Common Name" send -- "'${DOMAIN_NAME}'\r" expect "Email Address" send -- "\r" expect "A challenge password" send -- "\r" expect "An optional company name" send -- "\r" expect eof '
If you don't have the expect utility, you may manually run the command:
openssl req -new -key midnight-commander.org.key -out midnight-commander.org.csr
And fill all fields as it provided in script.
After this, register or login to https://www.startssl.com, validate (if needed) m-c.o domain and run 'Certificates Wizard' tab on webpage. Skip generation of private key and insert content of midnight-commander.org.csr file to the textarea on webpage. Next, press 'Continue' button and copy content from textarea to midnight-commander.org.crt file. Copy midnight-commander.org.crt file to /etc/pki/tls/private/midnight-commander.org.crt on m-c.o server. Log in to m-c.o server via ssh and run:
sudo su - /etc/init.d/nginx restart
That's all.
Attachments
- generate_private_key.sh (67 bytes) - added by slavazanko 12 years ago.
- generate_certificate_request.sh (644 bytes) - added by slavazanko 12 years ago.