2010-01-16

How to regenerate the Apache SSL key and certificate on Debian Lenny

This blog post explains how to regerated the Apache 2 SSL server key and certification on Debian Lenny.

The default, self-signed certificate used by Apache 2 is called snakeoil, it's generated based on the hostname (as reported by hostname -f) to files /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key when the ssl-cert package is installed. Here is how to regenerate the key and the certificate in case the hostname is changed:

# hostname -f
# make-ssl-cert generate-default-snakeoil --force-overwrite
# ls -l /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key
... (check the last-modified-time)
# /etc/init.d/apache2 restart

2 comments:

mack said...

This has saved me a lot of time, as i've been trying to do this on Apache 2 for a while now. Just got to install the new apache ssl cert now for the web app and i'm away!

Thanks (i've bookmarked this page!)

Aswani Prakash said...

Thank you for the post! It worked. I was having issue in installing Postgresql on Ubuntu 14.04. The error was 'could not load private key file "/etc/ssl/private/ssl-cert-snakeoil.key": key values mismatch'.