Renewing a SSL Certificate on Centos

We receive a mail with next message in mail:

Certificate for hostname 'server.domain.com', in file (or by nickname):
     /etc/pki/tls/certs/ca.crt

The certificate needs to be renewed; this can be done
  using the 'genkey' program.

We find files in:

 [root@server ~]# ls -lh /etc/pki/tls/private/ca.key
-rw------- 1 root root 1,7K ian 29  2016 ca.key

Now we renew certificate:

# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /etc/pki/tls/certs/ca.crt -keyout /etc/pki/tls/private/ca.key

We need to update their permissions.

chmod 600 /etc/pki/tls/certs/ca.crt
chmod 600 /etc/pki/tls/private/ca.key

How to see details about new certificate?
A: type this

 # openssl x509 -text -in /etc/pki/tls/certs/ca.crt

Enhoy !

How to upgrade OpenSSL on Centos 7

We make update to last OpenSSL, now we have latest varsion intalled with yum.

[root@mail src]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

But we want to update to openssl-1.0.2k. We have to compile OpenSSL.

# cd /usr/local/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2k
# ./config
# make
# make test
# make install

We now copy older version on other path.

# mv /usr/bin/openssl  /usr/bin/openssl-1.0.1e
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

Now verify the OpenSSL version:

# openssl version
OpenSSL 1.0.2k  26 Jan 2017

Enjoy !
Source: https://syslint.com/blog/tutorial/how-to-upgrade-openssl-on-centos-7-or-rhel-7/