Ted
sme server renews the self signed certificate each year, on the anniversary date of original installation. So my guess is you first installed sme a year ago.
You need to reinstall the "newly issued" certificate into your web browser, in the same way as you would have originally done.
There are custom template changes that can make the self signed certificate valid for a longer period of time (ie longer than the default one year).
See
/etc/e-smith/templates/home/e-smith/ssl.crt
Copy that fragment to
/etc/e-smith/templates-custom/home/e-smith/ssl.crt
then do
pico -w /etc/e-smith/templates-custom/home/e-smith/ssl.crt
and change the value for KEYLIFEINDAYS
on the first line to say 1826 for 5 years.
ctrl o
ctrl x
(to save & exit)
Then you need to wait for sme to create a new certificate or force the creation of a new certificate immediately.
To delete the existing self signed certificate and force sme to generate a new certificate do
rm /home/e-smith/ssl.crt/servername.domain.com.crt
rm /home/e-smith/ssl.key/servername.domain.com.key
rm /home/e-smith/ssl.pem/servername.domain.com.pem
(replace filename with your correct server file/key names)
signal-event post-upgrade
signal-event reboot
Then add the new 5 year certificate to your browser, and no more questions from your browser until five years time.
5 Replies
1777 Views