なんかこんな警告が来た。
################# SSL Certificate Warning ################
Certificate for hostname 'host.example.com', in file:
/etc/pki/tls/certs/localhost.crt
The certificate needs to be renewed; this can be done
using the 'genkey' program.
Browsers will not be able to correctly connect to this
web site using SSL until the certificate is renewed.
##########################################################
Generated by certwatch(1)
# rpm -qf /etc/pki/tls/certs/localhost.crt
ファイル /etc/pki/tls/certs/localhost.crt はどのパッケージにも属していません
# find /etc -exec grep -l localhost.crt {} \;
/etc/httpd/conf.d/ssl.conf
インストール時に作っているとみた。
$ vi rpm/SPECS/httpd.spec
(略)
%define sslcert %{_sysconfdir}/pki/tls/certs/localhost.crt
%define sslkey %{_sysconfdir}/pki/tls/private/localhost.key
(略)
if [ ! -f %{sslcert} ] ; then
cat << EOF | %{_bindir}/openssl req -new -key %{sslkey} \
-x509 -days 365 -set_serial $RANDOM \
-out %{sslcert} 2>/dev/null
SomeState
SomeCity
SomeOrganization
SomeOrganizationalUnit
${
FQDN}
root@${
FQDN}
EOF
fi
これに則って作ってみた。
# cd /etc/
pki/
tls/certs/
# mv
localhost.crt
localhost.crt.expired
# openssl req -new -key /etc/
pki/
tls/private/
localhost.key \
-x509 -days 365 -set_serial $RANDOM \
-out /etc/
pki/
tls/certs/
localhost.crt