Genkey
Home > CentOS > CentOS 6.x > Security tools > genkey
CentOS comes with a self-signed certificate for localhost generated at '/etc/pki/tls/certs/localhost.crt' and corresponding private key at '/etc/pki/tls/private/localhost.key'. If the certificate is expired after a period of year then certwatch will generate a SSL certificate warning. To create new certificates using genkey to resolve the issue use following commands:
rm -f /etc/pki/tls/private/localhost.key rm -f /etc/pki/tls/certs/localhost.crt genkey localhost
For simple hosting choose 1024-bit key length and avoid encrypting private key. There is no need of generating CSR for localhost. Server FQDN would be localhost. Other values for City, Organization, etc. can be filled appropriately, they will not affect the security offerred by certificate in any way.
In rare case if this does not works try:
openssl req -x509 -nodes -days 9999 -newkey rsa:1024 -keyout localhost.pem -out localhost.pem cp localhost.pem /etc/pki/tls/certs/localhost.crt
Home > CentOS > CentOS 6.x > Security tools > genkey