Self signed certificate expiration for HTTPS


Userlevel 4
Good morning! Using a self-signed cert for use with HTTPS and noticed that the expiration is automatically 1 year from the date of creation. Does anyone know if there is a way to change the expiration date to something longer (maybe 5 years)? Here's what I'm using:

conf ssl certificate privkeylen 2048 country US organization "Our Company Name" common-name w-core-sw2.company.local

Thanks,
Eric

4 replies

Userlevel 6
Eric,
You can't from the self-signed feature on the switch. You can add your own cert you generate on your PC.
Userlevel 4
Stephen Williams wrote:

Eric,
You can't from the self-signed feature on the switch. You can add your own cert you generate on your PC.

Thanks Stephen. So what are you actually doing when you enter the ssl cert info as I noted?
Userlevel 6
You are having the switch generate a key. You can generate your own in Ubuntu, and upload it to the switch.

    Ubuntu:~$ sudo openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout ./private.key -out ./public.crt

Then log in to the switch and enter the keys:

    * Switch.2 # conf ssl privkey pregenerated
    -----BEGIN PRIVATE KEY-----
    Nu8OeKox1UHQE2deOsTY5Le7iRx+SApETXiHZzStY+4spMrVxwpzxCbZlLKmJHuG
    -----END PRIVATE KEY-----
    SSL Certificate and Key do not match
    Please load new Certificate now
    New Key will be usable after restart of thttpd process.
    * Slot-1 L3L_K1_U33_34(65.43).3 # conf ssl certificate pregenerated
    -----BEGIN CERTIFICATE-----
    PxFKlZIUHLEoYWnpPlwrDuX67CSJzdyXnZfrODcMYA1S/dDj9pjAF5WOh/21WH1S
    -----END CERTIFICATE-----
    * Switch.2 # show ssl
    HTTPS Port Number: 443 (Disabled)
    Signature Algorithm configured: sha512 With RSA Encryption
    Private Key matches the Certificate's public key.
    RSA Key Length: 2048
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: xx:xx:xx:xx:xx:xx:xx:xx
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, ST=Some-State, L=cary, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
            Validity
                Not Before: Jun 4 13:36:26 2018 GMT
                Not After : Jun 3 13:36:26 2023 GMT
            Subject: C=US, ST=Some-State, L=anywhere, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
    * Switch.2 #
    * Switch.2 #
    * Switch.2 # en web https
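
An added example (not part of the thread and not vendor code): a POSIX shell script for the off-switch step. It generates the pair with the openssl command from the reply above, then checks that the key and certificate match and that the validity covers the requested days before anything is pasted into the switch. The function names, the script name `mkcert.sh` and the subject values are assumptions; `-subj` is used so the command runs without prompts.

```shell
#!/bin/sh
# Added example: build a self-signed pair off-switch and verify it before upload.
# File names follow the thread; the subject values are sample data.

# make_cert DIR COMMON_NAME DAYS -> writes DIR/private.key and DIR/public.crt
make_cert() {
    mkdir -p "$1" || return 1
    # umask in a subshell so the unencrypted key (-nodes) is created owner-only
    (
        umask 077
        openssl req -x509 -nodes -sha256 -days "$3" -newkey rsa:2048 \
            -subj "/C=US/O=Our Company Name/CN=$2" \
            -keyout "$1/private.key" -out "$1/public.crt" 2>/dev/null
    )
}

# key_matches_cert KEY CERT -> 0 when the cert carries the key's public half
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
}

# outlives_days CERT DAYS -> 0 when the cert is still valid DAYS days from now
outlives_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Runs only when called with arguments: ./mkcert.sh DIR COMMON_NAME DAYS
if [ "$#" -eq 3 ]; then
    make_cert "$1" "$2" "$3" || { echo "openssl req failed" >&2; exit 1; }
    key_matches_cert "$1/private.key" "$1/public.crt" \
        || { echo "key and certificate do not match" >&2; exit 1; }
    outlives_days "$1/public.crt" "$(( $3 - 1 ))" \
        || { echo "validity shorter than requested" >&2; exit 1; }
    openssl x509 -in "$1/public.crt" -noout -subject -dates
fi
```

The key is written unencrypted because of `-nodes`, so delete the local copy once the switch reports that the private key matches the certificate.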
Userlevel 4
Stephen Williams wrote:

You are having the switch generate a key. You can generate your own in Ubuntu, and upload it to the switch.

    Ubuntu:~$ sudo openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout ./private.key -out ./public.crt

Then log in to the switch and enter the keys:

    * Switch.2 # conf ssl privkey pregenerated
    -----BEGIN PRIVATE KEY-----
    Nu8OeKox1UHQE2deOsTY5Le7iRx+SApETXiHZzStY+4spMrVxwpzxCbZlLKmJHuG
    -----END PRIVATE KEY-----
    SSL Certificate and Key do not match
    Please load new Certificate now
    New Key will be usable after restart of thttpd process.
    * Slot-1 L3L_K1_U33_34(65.43).3 # conf ssl certificate pregenerated
    -----BEGIN CERTIFICATE-----
    PxFKlZIUHLEoYWnpPlwrDuX67CSJzdyXnZfrODcMYA1S/dDj9pjAF5WOh/21WH1S
    -----END CERTIFICATE-----
    * Switch.2 # show ssl
    HTTPS Port Number: 443 (Disabled)
    Signature Algorithm configured: sha512 With RSA Encryption
    Private Key matches the Certificate's public key.
    RSA Key Length: 2048
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: xx:xx:xx:xx:xx:xx:xx:xx
            Signature Algorithm: sha256WithRSAEncryption
            Issuer: C=US, ST=Some-State, L=cary, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
            Validity
                Not Before: Jun 4 13:36:26 2018 GMT
                Not After : Jun 3 13:36:26 2023 GMT
            Subject: C=US, ST=Some-State, L=anywhere, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
    * Switch.2 #
    * Switch.2 #
    * Switch.2 # en web https

Thanks for clarifying!
