Upgrade Cartificate Authority (ROOT CA) from SHA1 to SHA2 (SHA256)


More text to come, comment for me to speed up 😀



Linux command for Centos 5 and Centos 7

Centos 7

if convert is needed (legacy)
Kopier vores mycert.cer fil til Linux (/tmp)
openssl x509 -inform der -in tv2b.cer -out tv2ca.pem (konverter den til pem)
cp /tmp/tv2ca.pem  /etc/pki/ca-trust/source/anchors/tv2ca.pem (kopier den ind i trustet anchors for Linux)
update-ca-trust (If the certificate is in OpenSSL’s extended BEGIN TRUSTED CERTIFICATE format, place it in /etc/pki/ca-trust/source)
Efter skift til SHA256 var det IKKE nødvendigt at “convertere” ROOT CA til PEM, certificatet skulle blot omdøbes, nedenstÃ¥ende er komplet og herefter virkede det.
cp tv2b-ca_sha2.cer tv2b-ca_sha2.pem
cp /tmp/tv2b-ca_sha2.pem  /etc/pki/ca-trust/source/anchors/tv2b-ca.pem

Centos 5



Kopier tv2b-ca.cer filen til /tmp på varnish serveren
omdøb den her til .pem
cp /tmp/tv2b-ca_sha2.cer tv2b-ca_sha256.pem
Tag backup at ca-bundles
cp /etc/pki/tls/certs/ca-bundle.crt /tmp/ca-bundle.bak
Append så pem filen til dit ca-bundle
cat /tmp/tv2b-ca_sha2.pem >> /etc/pki/tls/certs/ca-bundle.crt
Nu er det nye root crt trusted.




Additional links regarding the topic

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© 2024: Noervig's notes | Easy Theme by: D5 Creation | Powered by: WordPress