Bit Twister
2022-02-01 11:27:45 UTC
FYI: systemrescue-9.00-amd64.iso found at http://www.sysresccd.org/Download
So, when was the last time you checked for expired security certificates
on your system.
Snippet from my monthly cert check
/etc/cron.monthly/_monthly:
/local/cron/monthly/ch_4_expired_certs:
# /etc/pki/tls/certs/httpd.pem expires 20220210 Warning. run
/local/bin/gen_certs -s /etc/pki/tls/certs/httpd.pem
# /etc/pki/tls/certs/postfix.pem expires 20220210 Warning. run
/local/bin/gen_certs -s /etc/pki/tls/certs/postfix.pem
Quick look at a certs of interest
# openssl x509 -text -in /etc/pki/tls/certs/httpd.pem | head -11
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
29:a1:04:62:ab:a0:02:35:e1:35:7e:fd:5c:f5:fd:fb:cf:d1:82:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost, OU = default httpd cert for localhost, emailAddress = ***@localhost
Validity
Not Before: Feb 10 01:46:19 2021 GMT
Not After : Feb 10 01:46:19 2022 GMT
Subject: CN = localhost, OU = default httpd cert for localhost, emailAddress = ***@localhost
# openssl x509 -text -in /etc/pki/tls/certs/postfix.pem | head -11
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
16:ec:ef:be:6b:9d:46:81:c7:f1:7b:45:8c:a0:03:b9:68:67:88:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost, OU = default postfix cert for localhost, emailAddress = ***@localhost
Validity
Not Before: Feb 10 01:44:50 2021 GMT
Not After : Feb 10 01:44:50 2022 GMT
Subject: CN = localhost, OU = default postfix cert for localhost, emailAddress = ***@localhost
So, when was the last time you checked for expired security certificates
on your system.
Snippet from my monthly cert check
/etc/cron.monthly/_monthly:
/local/cron/monthly/ch_4_expired_certs:
# /etc/pki/tls/certs/httpd.pem expires 20220210 Warning. run
/local/bin/gen_certs -s /etc/pki/tls/certs/httpd.pem
# /etc/pki/tls/certs/postfix.pem expires 20220210 Warning. run
/local/bin/gen_certs -s /etc/pki/tls/certs/postfix.pem
Quick look at a certs of interest
# openssl x509 -text -in /etc/pki/tls/certs/httpd.pem | head -11
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
29:a1:04:62:ab:a0:02:35:e1:35:7e:fd:5c:f5:fd:fb:cf:d1:82:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost, OU = default httpd cert for localhost, emailAddress = ***@localhost
Validity
Not Before: Feb 10 01:46:19 2021 GMT
Not After : Feb 10 01:46:19 2022 GMT
Subject: CN = localhost, OU = default httpd cert for localhost, emailAddress = ***@localhost
# openssl x509 -text -in /etc/pki/tls/certs/postfix.pem | head -11
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
16:ec:ef:be:6b:9d:46:81:c7:f1:7b:45:8c:a0:03:b9:68:67:88:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = localhost, OU = default postfix cert for localhost, emailAddress = ***@localhost
Validity
Not Before: Feb 10 01:44:50 2021 GMT
Not After : Feb 10 01:44:50 2022 GMT
Subject: CN = localhost, OU = default postfix cert for localhost, emailAddress = ***@localhost