ExtremeSwitching (EXOS)

Expand all | Collapse all

Self signed certificate expiration for HTTPS

  • 1.  Self signed certificate expiration for HTTPS

    Posted 06-03-2018 12:39
    Good morning! Using a self-signed cert for use with HTTPS and noticed that the expiration is automatically 1 year from the date of creation. Does anyone know if there is a way to change the expiration date to something longer (maybe 5 years)? Here's what I'm using:

    conf ssl certificate privkeylen 2048 country US organization "Our Company Name" common-name w-core-sw2.company.local

    Thanks,
    Eric


  • 2.  RE: Self signed certificate expiration for HTTPS

    Posted 06-04-2018 10:27
    Eric,
    You can't from the self sighed feature on the switch. You can add your own cert you generate on your PC.


  • 3.  RE: Self signed certificate expiration for HTTPS

    Posted 06-04-2018 11:46
    You are having the switch generate a key. You can generate your own in ubuntu, and upload it to the switch.

    Ubuntu:~$sudo openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout ./private.key -out ./public.crt [/code]

    Then login to the switch and enter the keys:

    * Switch.2 # conf ssl privkey pregenerated -----BEGIN PRIVATE KEY----- Nu8OeKox1UHQE2deOsTY5Le7iRx+SApETXiHZzStY+4spMrVxwpzxCbZlLKmJHuG -----END PRIVATE KEY----- SSL Certificate and Key do not match Please load new Certificate now New Key will be usable after restart of thttpd process. * Slot-1 L3L_K1_U33_34(65.43).3 # conf ssl certificate pregenerated -----BEGIN CERTIFICATE----- PxFKlZIUHLEoYWnpPlwrDuX67CSJzdyXnZfrODcMYA1S/dDj9pjAF5WOh/21WH1S -----END CERTIFICATE----- * Switch.2 # show ssl HTTPS Port Number: 443 (Disabled) Signature Algorithm configured: sha512 With RSA Encryption Private Key matches the Certificate's public key. RSA Key Length: 2048 Certificate: Data: Version: 3 (0x2) Serial Number: xx:xx:xx:xx:xx:xx:xx:xx Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Some-State, L=cary, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com Validity Not Before: Jun 4 13:36:26 2018 GMT Not After : Jun 3 13:36:26 2023 GMT Subject: C=US, ST=Some-State, L=anywhere, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com * Switch.2 # * Switch.2 # * Switch.2 # en web https [/code]


  • 4.  RE: Self signed certificate expiration for HTTPS

    Posted 06-04-2018 10:27
    Thanks Stephen. So what are you actually doing when you enter the ssl cert info as I noted?


  • 5.  RE: Self signed certificate expiration for HTTPS

    Posted 06-04-2018 11:46
    Thanks for clarifying!