Sunday, March 3, 2013

Steps to verify and reset service SSL on a cPanel server


We can take the server "server.servertest.com" as an example.
Service-level SSL certificates are stored under the path
/var/cpanel/ssl/


#cd /var/cpanel/ssl/

#ls -al

total 72
drwxr-xr-x. 7 root root 4096 Jan 2 2011 ./
drwxr-xr-x. 85 root root 20480 Apr 6 09:37 ../
-rw-r--r--. 1 root root 0 Jul 8 2007 active
drwxr-xr-x. 2 root root 4096 Jul 8 2007 courier/
-rw-r--r--. 1 root root 25 Jul 10 2010 courier-imapd-CN
-rw-r--r--. 1 root root 25 Jul 10 2010 courier-pop3d-CN
drwxr-xr-x. 2 root root 4096 Mar 4 2008 cpanel/
-rw-r--r--. 1 root root 25 Jul 16 2011 cpanel-CN
-rw-r--r--. 1 root root 1811 Sep 17 2009 cpanel-CRTINFO
drwxr-xr-x. 2 root root 4096 Jul 16 2011
-rw-r--r--. 1 root root 25 Jul 16 2011 dovecot-CN
drwxr-xr-x. 2 root root 4096 Jul 8 2007 exim/
-rw-r--r--. 1 root root 25 Apr 6 09:37 exim-CN
drwxr-xr-x. 2 root root 4096 Apr 6 06:22 ftp/
-rw-r--r--. 1 root root 19 Sep 21 2011 ftp-CN


#cd dovecot/

#openssl x509 -text -in dovecot.crt

root@server [/var/cpanel/ssl/dovecot]# openssl x509 -text -in dovecot.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:6d:6a:47:0c
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=server2.servertest2.com/emailAddress=ssl@server2.servertest2.com
Validity



In this case, we can see that the SSL certificate on server.servertest.com is that of server2.servertest2.com.
We need to verify whether the current certificate is a self-signed one or not. To check, use the command shown below.
openssl verify dovecot.crt

root@server [/var/cpanel/ssl/dovecot]# openssl verify dovecot.crt

dovecot.crt: C = US, ST = Unknown, L = Unknown, O = Unknown, OU = Unknown, CN = server2.servertest2.com, emailAddress = ssl@server2.servertest2.com
error 18 at 0 depth lookup:self signed certificate
OK

So we have to reset it to griffin. To reset it, go to

Main >> Service Configuration >> Manage Service SSL Certificates
We need to use "Install new Certificate" if we are installing a certificate that we bought from a third party such as GoDaddy.
In this case we need to use the option "Reset Certificate".
Then "Generate New SSL certificate".
After resetting the SSL certificate, check through the backend using the command

openssl x509 -text -in dovecot.crt

root@server [/var/cpanel/ssl/exim]# openssl x509 -text -in exim.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:7f:b6:a3
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Unknown, L=Unknown, O=Unknown, OU=Unknown, CN=server.servertest.com/emailAddress=ssl@server.servertest.com
Validity
Now the certificate has been reset to the server server.servertest.com.
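
The same subject/issuer check applied to every service certificate at once, as an added example that is not part of the original post. It assumes the other services follow the <service>/<name>.crt layout seen for dovecot and exim; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the service certificates for hostname and self-issued status.
# Assumption: every service keeps its certificate as <service>/<name>.crt under the
# directory, as dovecot/dovecot.crt and exim/exim.crt do in the post.

# Print the CN from one subject=/issuer= line. Handles both the old
# "/CN=host/emailAddress=..." and the newer "CN = host, emailAddress = ..." layouts.
cn_of() {
    printf '%s\n' "$1" | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p' | sed 's/ *$//'
}

# classify EXPECTED_HOST SUBJECT_LINE ISSUER_LINE
# Prints "<match|mismatch> <self-signed|ca-issued>". Identical subject and issuer
# names are treated as self-signed (a name comparison, not a signature check).
classify() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    got=$(cn_of "$2" | tr 'A-Z' 'a-z')
    subj_dn=${2#subject=}; subj_dn=${subj_dn# }
    iss_dn=${3#issuer=};   iss_dn=${iss_dn# }
    if [ "$got" = "$want" ]; then name=match; else name=mismatch; fi
    if [ "$subj_dn" = "$iss_dn" ]; then kind=self-signed; else kind=ca-issued; fi
    printf '%s %s\n' "$name" "$kind"
}

# audit_service_certs EXPECTED_HOST [DIR]  (DIR defaults to /var/cpanel/ssl)
audit_service_certs() {
    expected=$1
    ssl_dir=${2:-/var/cpanel/ssl}
    for crt in "$ssl_dir"/*/*.crt; do
        [ -f "$crt" ] || continue
        out=$(openssl x509 -noout -subject -issuer -in "$crt" 2>/dev/null) ||
            { printf '%s: unreadable\n' "$crt"; continue; }
        subj=$(printf '%s\n' "$out" | sed -n '/^subject/p')
        iss=$(printf '%s\n' "$out" | sed -n '/^issuer/p')
        printf '%s: %s\n' "$crt" "$(classify "$expected" "$subj" "$iss")"
    done
}

if [ $# -ge 1 ]; then
    audit_service_certs "$@"            # e.g. sh audit.sh server.servertest.com
else
    # Constructed sample lines using the names shown in the post.
    dn='C = US, ST = Unknown, L = Unknown, O = Unknown, OU = Unknown, CN = server2.servertest2.com, emailAddress = ssl@server2.servertest2.com'
    classify server.servertest.com "subject=$dn" "issuer=$dn"
fi
```

A "mismatch self-signed" result is the case the post fixes with "Reset Certificate".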
