Self signed certificate expiration for HTTPS
‎06-03-2018 12:39 PM
Good morning! Using a self-signed cert for use with HTTPS and noticed that the expiration is automatically 1 year from the date of creation. Does anyone know if there is a way to change the expiration date to something longer (maybe 5 years)? Here's what I'm using:
conf ssl certificate privkeylen 2048 country US organization "Our Company Name" common-name w-core-sw2.company.local
Thanks,
Eric
4 REPLIES
‎06-04-2018 11:46 AM
You are having the switch generate a key. You can generate your own in Ubuntu, and upload it to the switch.
Ubuntu:~$ sudo openssl req -x509 -nodes -days 1825 -newkey rsa:2048 -keyout ./private.key -out ./public.crt
Then log in to the switch and enter the keys:
* Switch.2 # conf ssl privkey pregenerated
-----BEGIN PRIVATE KEY-----
Nu8OeKox1UHQE2deOsTY5Le7iRx+SApETXiHZzStY+4spMrVxwpzxCbZlLKmJHuG
-----END PRIVATE KEY-----
SSL Certificate and Key do not match
Please load new Certificate now
New Key will be usable after restart of thttpd process.
* Slot-1 L3L_K1_U33_34(65.43).3 # conf ssl certificate pregenerated
-----BEGIN CERTIFICATE-----
PxFKlZIUHLEoYWnpPlwrDuX67CSJzdyXnZfrODcMYA1S/dDj9pjAF5WOh/21WH1S
-----END CERTIFICATE-----
* Switch.2 # show ssl
HTTPS Port Number: 443 (Disabled)
Signature Algorithm configured: sha512 With RSA Encryption
Private Key matches the Certificate's public key.
RSA Key Length: 2048
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: xx:xx:xx:xx:xx:xx:xx:xx
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Some-State, L=cary, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
        Validity
            Not Before: Jun 4 13:36:26 2018 GMT
            Not After : Jun 3 13:36:26 2023 GMT
        Subject: C=US, ST=Some-State, L=anywhere, O=Internet Widgits Pty Ltd, OU=switch, CN=switch/emailAddress=sdf@yahoo.com
* Switch.2 #
* Switch.2 #
* Switch.2 # en web https
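Added example, not part of the original reply: a non-interactive form of the openssl command above that takes the subject from the hostname in the question, runs without sudo, keeps the unencrypted key file owner-only, and checks on the workstation that the key and certificate match and how long the certificate stays valid before anything is pasted into the switch. The function names and the temporary output directory are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# gen_cert <dir> <common-name> <days>: self-signed cert plus unencrypted key.
gen_cert() {
    (
        umask 077   # -nodes leaves the key unencrypted, so keep it owner-only
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days "$3" \
            -subj "/C=US/O=Our Company Name/CN=$2" \
            -keyout "$1/private.key" -out "$1/public.crt" 2>/dev/null
    )
}

# key_matches_cert <key> <cert>: true only if both carry the same public key.
# A file that fails to parse counts as a mismatch.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# valid_for_days <cert> <days>: true if the cert is still valid <days> from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Demo run: 5-year certificate for the hostname used in the question.
out=$(mktemp -d)
if gen_cert "$out" w-core-sw2.company.local 1825 &&
   key_matches_cert "$out/private.key" "$out/public.crt" &&
   valid_for_days "$out/public.crt" 1800
then
    echo "key and certificate match; files are in $out"
    openssl x509 -in "$out/public.crt" -noout -subject -enddate
else
    echo "generation or verification failed" >&2
fi
```

The switch reports the same check itself in the "Private Key matches the Certificate's public key." line of `show ssl`.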
‎06-04-2018 11:46 AM
Thanks for clarifying!
‎06-04-2018 10:27 AM
Eric,
You can't from the self-signed feature on the switch. You can add your own cert you generate on your PC.
‎06-04-2018 10:27 AM
Thanks Stephen. So what are you actually doing when you enter the ssl cert info as I noted?
