Self signed certificate expiration for HTTPS

  • 0
  • 1
  • Question
  • Updated 4 months ago
  • Answered
  • (Edited)
Good morning! Using a self-signed cert for use with HTTPS and noticed that the expiration is automatically 1 year from the date of creation. Does anyone know if there is a way to change the expiration date to something longer (maybe 5 years)? Here's what I'm using:

conf ssl certificate privkeylen 2048 country US organization "Our Company Name" common-name w-core-sw2.company.local

Thanks,
Eric
Photo of Eric Burke

Eric Burke

  • 3,168 Points 3k badge 2x thumb

Posted 4 months ago

  • 0
  • 1
Photo of Stephen Williams

Stephen Williams, Employee

  • 9,034 Points 5k badge 2x thumb
Eric,
You can't from the self sighed feature on the switch.  You can add your own cert you generate on your PC.
Photo of Eric Burke

Eric Burke

  • 3,168 Points 3k badge 2x thumb
Thanks Stephen. So what are you actually doing when you enter the ssl cert info as I noted?
Photo of Stephen Williams

Stephen Williams, Employee

  • 9,034 Points 5k badge 2x thumb
You are having the switch generate a key.  You can generate your own in ubuntu, and upload it to the switch. 


Ubuntu:~$sudo openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout ./private.key -out ./public.crt 




Then login to the switch and enter the keys:

* Switch.2 # conf ssl privkey pregenerated 
-----BEGIN PRIVATE KEY-----

Nu8OeKox1UHQE2deOsTY5Le7iRx+SApETXiHZzStY+4spMrVxwpzxCbZlLKmJHuG

-----END PRIVATE KEY-----

SSL Certificate and Key do not match
Please load new Certificate now
New Key will be usable after restart of thttpd process.
* Slot-1 L3L_K1_U33_34(65.43).3 # conf ssl certificate pregenerated 
-----BEGIN CERTIFICATE-----

PxFKlZIUHLEoYWnpPlwrDuX67CSJzdyXnZfrODcMYA1S/dDj9pjAF5WOh/21WH1S

-----END CERTIFICATE-----

* Switch.2 # show ssl 
HTTPS Port Number: 443 (Disabled)
Signature Algorithm configured: sha512 With RSA Encryption 
Private Key matches the Certificate's public key.
RSA Key Length: 2048
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            xx:xx:xx:xx:xx:xx:xx:xx
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Some-State, L=cary, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
        Validity
            Not Before: Jun  4 13:36:26 2018 GMT
            Not After : Jun  3 13:36:26 2023 GMT
        Subject: C=US, ST=Some-State, L=anywhere, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
* Switch.2 # 
* Switch.2 # 
* Switch.2 # en web https
(Edited)
Photo of Eric Burke

Eric Burke

  • 3,168 Points 3k badge 2x thumb
Thanks for clarifying!