Ubuntu – How to re-issue OpenSSL snakeoil cert


In light of the recent Heartbleed fiasco and whatnot, I too have been scrambling to up security on some servers. My question is: how do I reissue the snakeoil cert that comes with OpenSSL?

The cert that it is currently using was issued in 2012, so clearly before this incident. So it seems like the protocol here is to reissue all certs, and I can't find info on how to do so for snakeoil.

I am the only one who uses that cert, for phpMyAdmin, so do I even need to update it?

Best Answer

You can use this one-liner to regenerate both files in one shot. You'll need to restart Apache after the cert has been re-created.

openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem

If you're at all concerned about security (and you should be), then you should regenerate certificates on all affected critical servers, followed by an exhaustive service restart or a system reboot.

If you're just running a play-around box on your LAN that's one thing, but anything you've got on the internet you should definitely reissue.
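
Checks to run before and after regenerating with the command above, as an added example that is not part of the original answer: whether the cert predates a cutoff date, whether the key on disk belongs to the cert Apache will serve, and whether the key is world-readable. The function names are hypothetical, the cutoff date is an assumption, and GNU `date` and `find` (as on Ubuntu) are assumed.

```shell
#!/bin/sh
# Added example: sanity checks for the snakeoil key pair. The paths are the
# ones used in the answer's command.
KEY=/etc/ssl/private/ssl-cert-snakeoil.key
CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem
# Assumption: Heartbleed's public disclosure date. Use the date this host's
# OpenSSL was actually patched if that was later.
CUTOFF=2014-04-07

# Succeeds when the certificate's notBefore is earlier than the given date.
issued_before() {
    local start
    start=$(openssl x509 -in "$1" -noout -startdate 2>/dev/null) || return 2
    [ "$(date -u -d "${start#notBefore=}" +%s)" -lt "$(date -u -d "$2" +%s)" ]
}

# Succeeds when the private key and the certificate hold the same public key.
key_matches_cert() {
    local from_key from_cert
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Succeeds when the key file exists and is not readable by "other".
key_is_private() {
    [ -e "$1" ] && [ -z "$(find "$1" -maxdepth 0 -perm -004 2>/dev/null)" ]
}

# Prints one line per finding; returns 0 only when every check passes.
audit_snakeoil() {
    local key="$1" cert="$2" cutoff="$3" rc=0
    if issued_before "$cert" "$cutoff"; then
        echo "REISSUE: $cert was issued before $cutoff"; rc=1
    fi
    if ! key_matches_cert "$key" "$cert"; then
        echo "MISMATCH: $key does not belong to $cert"; rc=1
    fi
    if ! key_is_private "$key"; then
        echo "PERMS: $key is world-readable"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $cert"
    return "$rc"
}

# Run against the system files only when both are readable (the key needs root).
if [ -r "$KEY" ] && [ -r "$CERT" ]; then
    audit_snakeoil "$KEY" "$CERT" "$CUTOFF" || true
fi
```

Run it as root once before regenerating (a 2012 cert reports `REISSUE`) and again afterwards, after Apache has been restarted, when it should report `OK`.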