LKBEN11648: How to renew the ssl-cert-snakeoil.pem certificate on Ubuntu?


Symptom

Your certificate needs to be renewed.

Cause

The certificate is not valid anymore.

Solution

To check the validity of the certificate you can use the following:

openssl x509 -in /etc/ssl/certs/ssl-cert-snakeoil.pem -noout -text

The validity is located at the top of the output.

Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number: 13637856412164018649 (0xbe188fd53d2536d9)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: CN=some.domain.de
        Validity
            Not Before: Feb 26 18:43:17 2013 GMT
            Not After : Feb 24 18:43:17 2023 GMT
        Subject: CN=some.domain.de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:a4:c5:d2:b2:5c:d6:a8:1d:c9:f3:82:70:7e:e1:
...

In the example output from above you can see the certificate is not valid anymore.

To renew you use the following command as root:

make-ssl-cert generate-default-snakeoil --force-overwrite

You can recheck the validity and will need to restart the service or the server.

Have fun.

Disclaimer:

The information provided in this document is intended for your information only. Lubby makes no claims to the validity of this information. Use of this information is at own risk!

About the Author

Author: Wim Peeters - Keskon GmbH & Co. KG

Wim Peeters is electronics engineer with an additional master in IT and over 30 years of experience, including time spent in support, development, consulting, training and database administration. Wim has worked with SQL Server since version 6.5. He has developed in C/C++, Java and C# on Windows and Linux. He writes knowledge base articles to solve IT problems and publishes them on the Lubby Knowledge Platform.

Latest update: 25/02/2023