mikedpitt420

Strange SSL system message

4 posts in this topic

So I got this exact message from my server this morning. Any idea as to what it is or what I should do about it?

WARNING: certificate /etc/ssl/certs/ca-certificates.crt

    is about to expire in time equal to or less than 7 days from now on,

    or has already expired - it might be a good idea to obtain/create new one.

 

    NOTE: This message is being sent only once.

 

    A lock-file

    /var/run/certwatch-mailwarning-sent-ca-certificates.crt

    has been created, which will prevent this script from mailing you again

    upon its subsequent executions by crond. You dont need to care about it;

    the file will be auto-deleted as soon as you'll prolong your certificate.

0

Share this post


Link to post
Share on other sites

I am not sure if I am right but Ill go by memory and try and help before I nip off to work. I am assuming you have some knowledge of SSL and or can remember when you setup whatever is using it. I am also assuming that SSL is not required by Unraid (because I don't think it is even shipped with it) and is actually for something else you have on your box entirely. If this is not true or you are unsure, PAUSE and wait for someone with a little more Unraid Skills to chime in.

 

So, moving on from the above .....

 

You have SSL running and you have SSL certificates that need renewing. I suspect there was a cron job setup to automatically issue a warning message in the log when an SSL certificate is about to expire.

 

To check the status of your certificates I think you can use the following to check if this is correct. After telnet'ing into your box us this command

 

"openssl x509 -enddate -noout -in fileinquestion.pem or fileinquestion.crt"

 

The output will tell you the date of expiry right then.

 

The certificate needs to be renewed; this can be done by generating a new key pair. Until you do so I think it likely that web clients will not be able to correctly connect to the web site using SSL until the certificate is renewed.

 

When you generate the new key (using the genkey tool I believe), you are going to be generating a new public & private key pair, from which a certificate is then created. You are NOT 'renewing' the certificate as the log implies you must. I think it is possible to renew a certificate based on your existing key pair, but I think because it is so so easy to just just the tools to generate a new pair that it is just easier this way.

 

I hope this helps push you in the right direction or generates some more discussion for you to aid you in your issue.

 

0

Share this post


Link to post
Share on other sites

Today I received the same email warning as shown in post #1.

 

I'm a little lost. Can someone please explain to me how to generate a new key pair (as suggested in post #2).

 

0

Share this post


Link to post
Share on other sites
1 minute ago, Dabear3 said:

Today I received the same email warning as shown in post #1.

 

I'm a little lost. Can someone please explain to me how to generate a new key pair (as suggested in post #2).

 

Does your server have the correct date and time?

 

You have posted this in the legacy section of the forum in a thread that is over 2 years old. Are you really using V5 or older? If not, start a new thread in V6 General Support.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

Copyright © 2005-2017 Lime Technology, Inc. unRAID® is a registered trademark of Lime Technology, Inc.