# Can self-signed SSL certificate be renewed? How

certificateopensslssl

I'm fairly new to SSL certificates and would like to know if a self-signed certificate which I use for HTTPS can be renewed to extend its expiry date without all clients of the site having to go through the "allow exception" process they have to do when they visit the site for the very first time or, as when issuing new self-signed certificate created from scratch.

I found the following tutorial showing how to renew a self-signed cert using openssl but I wasn't able to use it such that my browser silently accepts it without showing that "Untrusted Site" warning screen:

  # cd /etc/apache2/ssl
# openssl genrsa -out togaware.com.key 1024
# chmod 600 togaware.com.key
# openssl req -new -key togaware.com.key -out togaware.com.csr
AU
ACT
Canberra
Togaware
Data Mining
Kayon Toga
Kayon.Toga@togaware.com
# openssl x509 -req -days 365 -in togaware.com.csr \
-signkey togaware.com.key -out togaware.com.crt
# mv apache.pem apache.pem.old
# cp togaware.com.key apache.pem
# cat togaware.com.crt >> apache.pem
# chmod 600 apache.pem
# wajig restart apache2


My setup is pretty much as described in this answer and I am using CRT and KEY files (from this tutorial) instead of a PEM file, so maybe I messed something up trying to apply it to my case.

Then again, I found many forum entries suggesting it is entirely impossible to renew a self-signed cert and I have to create an new one from scratch.

Any help would be appreciated… or would this question better be suited to https://serverfault.com/ or https://superuser.com/ ?