Super User Asked by Alex Bertens on December 30, 2020
When I run a security scan, it tells me I have a vulnerability. I "!" before the certificate name in the /etc/ca-certificates.conf, saved and ran update-ca-certificates -f and restarted the apache server. Is there anything I am missing that I need to do to remove this expired certificate?
Your Apache service is presenting an expired certificate in the chain to clients. Specifically, this one which expired in May. As the linked page says, there is a replacement available which is valid until 2028.
Apache's configuration file points to a file containing the chain of certificates which it presents to the clients. This is configured with the SSLCertificateFile directive.
In your Ubuntu installation, the Apache config file config file containing this directive is somewhere within /etc/apache2
. Where exactly depends on which instructions you used to configure TLS. You need to find the config file and then the file pointed to by the above directive. It is this latter file which contains your certificate chain.
The file contains multiple certificates, each delineated with ----- BEGIN CERTIFICATE ----
and ----- END CERTIFICATE -----
. You need to re-create this file (back it up first!) with your server certificate first, followed by the replacement certificate. Once you've done that, restart Apache and you should stop getting the error.
Correct answer by garethTheRed on December 30, 2020
Get help from others!
Recent Questions
Recent Answers
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP