= How to re-sign the certificate = == !GlobalSign == We can't use !StartCom anymore (see https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/), so we asked !GlobalSign and it has kindly agreed to sponsor a certificate. The certificate can be requested at the following URL: https://www.globalsign.com/en/ssl/ssl-open-source/ . == Obsolete == See http://www.midnight-commander.org/ticket/2578 for details. If you want to create new private key, run: {{{ openssl genrsa -out midnight-commander.org.key 2048 }}} If you want just re-sign certificate, get the private key from m-c.o server (placed by path /etc/pki/tls/private/midnight-commander.org.key) and run the command: {{{ DOMAIN_NAME="www.midnight-commander.org" expect -c ' set timeout -1 spawn openssl req -new -key midnight-commander.org.key -out midnight-commander.org.csr match_max 100000 expect "Country Name" send -- "MC\r" expect "State or Province Name" send -- "'${DOMAIN_NAME}'\r" expect "Locality Name" send -- "'${DOMAIN_NAME}'\r" expect "Organization Name" send -- "'${DOMAIN_NAME}'\r" expect "Organizational Unit Name" send -- "'${DOMAIN_NAME}'\r" expect "Common Name" send -- "'${DOMAIN_NAME}'\r" expect "Email Address" send -- "\r" expect "A challenge password" send -- "\r" expect "An optional company name" send -- "\r" expect eof ' }}} If you don't have the expect utility, you may manually run the command: {{{ openssl req -new -key midnight-commander.org.key -out midnight-commander.org.csr }}} And fill all fields as it provided in script. After this, register or login to https://www.startssl.com, validate (if needed) m-c.o domain and run 'Certificates Wizard' tab on webpage. Skip generation of private key and insert content of midnight-commander.org.csr file to the textarea on webpage. Next, press 'Continue' button and copy content from textarea to midnight-commander.org.crt file. Copy midnight-commander.org.crt file to /etc/pki/tls/private/midnight-commander.org.crt on m-c.o server. Log in to m-c.o server via ssh and run: {{{ sudo su - /etc/init.d/nginx restart }}} That's all.