Last modified 5 years ago Last modified on 12/29/16 17:23:03

How to re-sign the certificate


We can't use StartCom anymore (see, so we asked GlobalSign and it has kindly agreed to sponsor a certificate.

The certificate can be requested at the following URL: .


See for details.

If you want to create new private key, run:

openssl  genrsa -out 2048

If you want just re-sign certificate, get the private key from m-c.o server (placed by path /etc/pki/tls/private/ and run the command:


expect -c '
set timeout -1
spawn openssl req -new -key -out
match_max 100000
expect "Country Name"
send -- "MC\r"
expect "State or Province Name"
send -- "'${DOMAIN_NAME}'\r"
expect "Locality Name"
send -- "'${DOMAIN_NAME}'\r"
expect "Organization Name"
send -- "'${DOMAIN_NAME}'\r"
expect "Organizational Unit Name"
send -- "'${DOMAIN_NAME}'\r"
expect "Common Name"
send -- "'${DOMAIN_NAME}'\r"
expect "Email Address"
send -- "\r"
expect "A challenge password"
send -- "\r"
expect "An optional company name"
send -- "\r"
expect eof

If you don't have the expect utility, you may manually run the command:

openssl req -new -key -out

And fill all fields as it provided in script.

After this, register or login to, validate (if needed) m-c.o domain and run 'Certificates Wizard' tab on webpage. Skip generation of private key and insert content of file to the textarea on webpage. Next, press 'Continue' button and copy content from textarea to file. Copy file to /etc/pki/tls/private/ on m-c.o server. Log in to m-c.o server via ssh and run:

sudo su -
/etc/init.d/nginx restart

That's all.