Self-Signed Certificate Expired/Won't save in Filezilla - How to renew?


#1

Hi,

It seems the self-signed certificate expired on box and I’m having to accept warning each time I visit page or access FTP.

How do I renew/create new certificate please?

Thanks.


#2

I think this is the answer you’re looking for, @JMSolo covered it briefly in this topic: Certificate error for local host installs

Basically if you’re using a self service certificate, you’re going to get that because the server isn’t authenticated to the big servers in the cloud. It’s more of a warning by your browser to ensure you’re not going to a “fake” website to be hacked in some way.

That’s how I took your question anyway, if I’m off on what you’re talking about, please let us know.


#3

Thanks for the reply however that’s not what I’m referring to. I’m aware of the warning regarding the self-signed certificate. However the certificate is only valid for one year then expires, same for the FTP. Each time you attempt to logon to FTP you need to accept the certificate each time instead of it ignoring after you have accepted and saved.


#4

As you can see from the image here The certificate is expired. It now comes up each time you connect to server and will not save. As you can see the save radio check boxes are greyed out.

2018%2004%2004%20-%20SeedBox%20Certificate%2001


#5

Strange, it should be on a 10/yr cycle. Could you attempt to run the following, it should update the existing cert.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem -subj "/C=CN/ST=BJ/L=PRC/O=IT/CN=www.example.com"

#6

I, too am having the exact same issue on an older server.
Mind you, this one is running Debian 8 with v2.4.8 and I have tried running the command posted above and restarted my server and still gives me the expired warning pop up.
I’m not sure if it is my non-supported OS either

Capture


#7

Thanks but didn’t seem to resolve. Issue remains as per image above of the certificate for FTP in Filezilla :frowning:


#8

Can you help with the FTP issue please bud?

Does anybody else know how to resolve? :frowning:


#9

Got the same issue on Ubuntu 16.04 & QB V2.5.3, ran what JMSolo posted but to no avail :>


#10

Since this issue is bigger:

Could you guys test with the following…

This generates a new csr off your existing certificate key

openssl req -new -key /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/private/ssl-cert-snakeoil.csr -subj "/C=CN/ST=BJ/L=PRC/O=IT/CN=www.example.com"

Then check the certificate end-date (to see if it’s updated)

openssl x509 -in /etc/ssl/certs/ssl-cert-snakeoil.pem -noout -enddate

If it shows an updated date and you are still having those issues saving the exception. Try clearing all browser cache and then visiting your dashboard once more.


#11

Still having same issue with Filezilla @JMSolo :frowning:


#12

We can just generate a new certificate for vsftpd

Do the following:

openssl req -config /root/.openssl.cnf -x509 -nodes -days 3650 -newkey rsa:1024 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -enddate
service vsftpd restart

With this option above, we’ll generate the self-signed certificate to be good for 10 years.

The openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -enddate prints out the end date like:

BEFORE:

# openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -enddate
notAfter=Nov  9 17:15:33 2018 GMT

AFTER:

# openssl x509 -in /etc/ssl/private/vsftpd.pem -noout -enddate
notAfter=Apr  9 18:19:57 2028 GMT

#13

Fixed! Thankyou, it’s much appreciated!


#14

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.