Renewing a Self-Signed Web Certificate (CTPView Server Menu)
Before you begin, log in to the CTPView server and access the CTPView Configuration Menu. See Accessing the CTPView Server Configuration Menu (CTPView Server Menu).
To renew a self-signed Web certificate:
-
Verify
that the existing certificate has expired by running the command
openssl
x509 -noout -text -in <your_cert.crt> | grep -i -A2
validity.
[juniper_sa@ctpview /tmp 29]$ openssl x509 -noout -text -in <your_cert.crt> | grep -i -A2 validity
Validity Not Before: May 30 05:57:02 2024 GMT Not After : May 30 05:57:02 2025 GMT [juniper_sa@ctpview /tmp 30]$ -
Renew the certificate for 10 years by running the command openssl x509
-req -in <your_cert.csr> -days 3650 -signkey <your_cert.key>
-out <your_cert.crt>.
[juniper_sa@ctpview /tmp 59]$ openssl x509 -req -in <your_cert.csr> -days 3650 -signkey <your_cert.key> -out <your_cert.crt>
Certificate request self-signature ok subject=CN = <your_cert>, O = CG, OU = " ", OU = " ", OU = " ", C = IN, ST = " ", L = " "
-
Verify
the modulus of the original server key by running the command openssl rsa
-noout -modulus -in <your_cert.key> and the modulus of renewed
certificate by running the command openssl x509 -noout -modulus -in
<your_cert.crt>. They must match.
[juniper_sa@ctpview /tmp 60]$ openssl x509 -noout-modulus -in your_cert.crt Modulus=94BEF7C734FC8F63C3B792AB383884CBB9BFDC0023BB6525BA94D59CF621315CE8D8F44 07EB5558E89C9D0AA1FD3088D7F00524EAE4B455529D52A500E80F5F153B4A76F92A411334A587A CE1EB7060D61B7A9287627DE88FA6E3C616A233972A7EFBF61E3DAEEF701DE820DAE2089988ADCE 5851FED022D306271DFB83264CBCA9F46F8A3FA2E975BA346F10F60A22BFBECAE68B49435E8908F 28A59EBF02194121AD8918ABB4D7B8DF1B719F3FF57CD137CCA51CC9E4AED1A3F4D1592943D1754 39E151C84524F56669A0888002D0B8A01A63A5CA409D718321DDD25DAB8CC68A54E805038A47F67 D7B7A4516525889F3A55196475EF3FBEC63E814DEF899A534C7212DED1173B022B029E4C9AB8C86 911093BD27E88D9E187FE483F305825D02083B28FD2ABC910513FBABD8C204010BAC7A7AA3DE093 61B634C961A2C4F0CAC547AE31A35CFBDBBBB2C934F1E055098C50161AC95769EC4AD257577A4A5 0D8058DB44185A359E8964B4EC701C3D52B83F1ED4E4DD3DB634CBA6A95FDE0A60859F132680B51 02C5D32864EEE1C6FC121A6DFC160984F5A6E49612D77A5AF3560CA43083B12CB97448941CDD40A 950E7D58D628D53E2A160388BF47AC8CE4F4D577CFDA6495E9CFC13F4E3D0B87B57DB099501269A 6F3C871D2844B46E631548BC5D8534A22C254AB8C85416D94871BA33B8B9DACDE3384EE82BA6C18 1F7DB
[juniper_sa@ctpview /tmp 62]$ openssl rsa -noout -modulus -in your_cert.key Modulus=94BEF7C734FC8F63C3B792AB383884CBB9BFDC0023BB6525BA94D59CF621315CE8D8F44 07EB5558E89C9D0AA1FD3088D7F00524EAE4B455529D52A500E80F5F153B4A76F92A411334A587A CE1EB7060D61B7A9287627DE88FA6E3C616A233972A7EFBF61E3DAEEF701DE820DAE2089988ADCE 5851FED022D306271DFB83264CBCA9F46F8A3FA2E975BA346F10F60A22BFBECAE68B49435E8908F 28A59EBF02194121AD8918ABB4D7B8DF1B719F3FF57CD137CCA51CC9E4AED1A3F4D1592943D1754 39E151C84524F56669A0888002D0B8A01A63A5CA409D718321DDD25DAB8CC68A54E805038A47F67 D7B7A4516525889F3A55196475EF3FBEC63E814DEF899A534C7212DED1173B022B029E4C9AB8C86 911093BD27E88D9E187FE483F305825D02083B28FD2ABC910513FBABD8C204010BAC7A7AA3DE093 61B634C961A2C4F0CAC547AE31A35CFBDBBBB2C934F1E055098C50161AC95769EC4AD257577A4A5 0D8058DB44185A359E8964B4EC701C3D52B83F1ED4E4DD3DB634CBA6A95FDE0A60859F132680B51 02C5D32864EEE1C6FC121A6DFC160984F5A6E49612D77A5AF3560CA43083B12CB97448941CDD40A 950E7D58D628D53E2A160388BF47AC8CE4F4D577CFDA6495E9CFC13F4E3D0B87B57DB099501269A 6F3C871D2844B46E631548BC5D8534A22C254AB8C85416D94871BA33B8B9DACDE3384EE82BA6C18 1F7DB
-
Verify the validity of the renewed certificate by running the command
openssl x509 -noout -text -in <your_cert.crt> | grep -i -A2
validity.
[juniper_sa@ctpview /tmp 63]$ openssl x509 -noout -text -in <your_cert.crt> | grep -i -A2 validity Validity Not Before: May 31 06:30:54 2025 GMT Not After : May 29 06:30:54 2035 GMT