Answers to: CertWatch indicates expired cert but can't fix ithttp://linuxexchange.org/questions/2937/certwatch-indicates-expired-cert-but-cant-fix-it<p>One of our servers running Fedora 16 started sending the following message to root in an email:</p> <pre><code>################# SSL Certificate Warning ################ Certificate for hostname 'server11.&lt;servername&gt;.com', in file (or by nickname): /etc/pki/tls/certs/localhost.crt The certificate needs to be renewed; this can be done using the 'genkey' program. Browsers will not be able to correctly connect to this web site using SSL until the certificate is renewed. ########################################################## Generated by certwatch(1) </code></pre> <p>Because it is a self-signed cert you really can not use genkey to renew, so I tried issuing a new self-signed cert with:</p> <pre><code>grep SSLCertificate /etc/httpd/conf.d/ssl.conf </code></pre> <p>and grabbed the location of the certs</p> <pre><code>SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key </code></pre> <p>Then I checked the permissions of these files with</p> <pre><code>la /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key </code></pre> <p>Then I created the cert with</p> <pre><code>openssl req -new -days 365 -x509 -nodes -out /etc/pki/tls/certs/localhost.crt -keyout /etc/pki/tls/private/localhost.key </code></pre> <p>When prompted I entered</p> <pre><code>Generating a 2048 bit RSA private key ..........................................+++ .................+++ writing new private key to '/etc/pki/tls/private/localhost.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:US State or Province Name (full name) []:&lt;MyState&gt; Locality Name (eg, city) [Default City]:&lt;MyCity&gt; Organization Name (eg, company) [Default Company Ltd]:&lt;MyCompany&gt; Organizational Unit Name (eg, section) []:&lt;MyDepartment&gt; Common Name (eg, your name or your server's hostname) []:server11.&lt;servername&gt;.com Email Address []:&lt;Admin Email&gt; </code></pre> <p>I then checked the files again with </p> <pre><code>la /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key </code></pre> <p>All looked OK and the new files were there with the right permissions. So all seemed to work out fine but I'm still receiving the cert expiration warning. What am I missing?</p>enFri, 20 Jan 2017 21:36:48 -0000