cancel
Showing results for 
Search instead for 
Did you mean: 

Self signed certificate expiration for HTTPS

Self signed certificate expiration for HTTPS

Eric_Burke
New Contributor III
Good morning! Using a self-signed cert for use with HTTPS and noticed that the expiration is automatically 1 year from the date of creation. Does anyone know if there is a way to change the expiration date to something longer (maybe 5 years)? Here's what I'm using:

conf ssl certificate privkeylen 2048 country US organization "Our Company Name" common-name w-core-sw2.company.local

Thanks,
Eric
4 REPLIES 4

StephenW
Extreme Employee
You are having the switch generate a key. You can generate your own in ubuntu, and upload it to the switch.

Ubuntu:~$sudo openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout ./private.key -out ./public.crt

Then login to the switch and enter the keys:

* Switch.2 # conf ssl privkey pregenerated -----BEGIN PRIVATE KEY----- Nu8OeKox1UHQE2deOsTY5Le7iRx+SApETXiHZzStY+4spMrVxwpzxCbZlLKmJHuG -----END PRIVATE KEY----- SSL Certificate and Key do not match Please load new Certificate now New Key will be usable after restart of thttpd process. * Slot-1 L3L_K1_U33_34(65.43).3 # conf ssl certificate pregenerated -----BEGIN CERTIFICATE----- PxFKlZIUHLEoYWnpPlwrDuX67CSJzdyXnZfrODcMYA1S/dDj9pjAF5WOh/21WH1S -----END CERTIFICATE----- * Switch.2 # show ssl HTTPS Port Number: 443 (Disabled) Signature Algorithm configured: sha512 With RSA Encryption Private Key matches the Certificate's public key. RSA Key Length: 2048 Certificate: Data: Version: 3 (0x2) Serial Number: xx:xx:xx:xx:xx:xx:xx:xx Signature Algorithm: sha256WithRSAEncryption Issuer: C=US, ST=Some-State, L=cary, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com Validity Not Before: Jun 4 13:36:26 2018 GMT Not After : Jun 3 13:36:26 2023 GMT Subject: C=US, ST=Some-State, L=anywhere, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com * Switch.2 # * Switch.2 # * Switch.2 # en web https

Eric_Burke
New Contributor III
Thanks for clarifying!

StephenW
Extreme Employee
Eric,
You can't from the self sighed feature on the switch. You can add your own cert you generate on your PC.

Eric_Burke
New Contributor III
Thanks Stephen. So what are you actually doing when you enter the ssl cert info as I noted?
GTM-P2G8KFN