SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0001797: recreating SSL-cert (https) uses same serial-number - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001797Endian FirewallOther Scriptspublic2009-04-18 10:252011-02-18 16:28
Reportermike-f 
Assigned Topeter-endian 
PrioritynormalSeverityminorReproducibilityalways
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version2.2-rc3 
Target VersionfutureFixed in Version 
Summary0001797: recreating SSL-cert (https) uses same serial-number
Descriptionwhen there are no /etc/httpd/server.* keys they are created by the
/etc/init.d/httpd script

recreating the certificates (in case the files where moved/renamed) wont't change the serial-numbers of the new certs

Additional Informationusing camino we get the following blocking error:

"You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information:

Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number."

we have to remove the old-self-signed certificate from our keychain and reimport the new one
Tagsneeds testing
Attached Filestxt file icon httpd.txt [^] (6,314 bytes) 2009-04-18 16:15 [Show Content]

- Relationships

-  Notes
(0002159)
mike-f (updater)
2009-04-18 16:17

we made some configurations to the default
/etc/init.d/httpd

new certificates can be issued by running

/etc/init.d/httpd new_cert
(0002160)
mike-f (updater)
2009-04-18 16:43

if you need a different serial number assigned to the certificate run

   mkdir /etc/httpd/certs

then a

   echo XXX > /etc/httpd/certs/serial.txt

with XXX beeing the current ("bad") serial number

and to create the new clean cert

  /etc/init.d/httpd new_cert
(0002359)
luca-endian (developer)
2009-05-19 07:36

I can confirm this issue, it happened some times in the past, probably after a factory default, if I remember correctly

- Issue History
Date Modified Username Field Change
2009-04-18 10:25 mike-f New Issue
2009-04-18 16:15 mike-f File Added: httpd.txt
2009-04-18 16:17 mike-f Note Added: 0002159
2009-04-18 16:43 mike-f Note Added: 0002160
2009-04-18 16:46 mike-f Tag Attached: needs testing
2009-05-19 07:36 luca-endian Note Added: 0002359
2010-09-21 10:57 peter-endian Status new => confirmed
2010-09-21 10:57 peter-endian Target Version => future
2011-02-02 11:19 lorenzo-endian Customer Occurencies => 0
2011-02-02 11:19 lorenzo-endian Assigned To => peter-endian
2011-02-18 16:28 ra-endian Severity major => minor

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker