<yambe:breadcrumb>Security_tools|Security tools</yambe:breadcrumb>

genkey

CentOS comes with a self-signed certificate for localhost generated at '/etc/pki/tls/certs/localhost.crt' and corresponding private key at '/etc/pki/tls/private/localhost.key'. If the certificate is expired after a period of year then certwatch will generate a SSL certificate warning. To create new certificates using genkey to resolve the issue use following commands:

rm -f /etc/pki/tls/private/localhost.key
rm -f /etc/pki/tls/certs/localhost.crt
genkey localhost

For simple hosting choose 1024-bit key length and avoid encrypting private key. There is no need of generating CSR for localhost. Server FQDN would be localhost. Other values for City, Organization, etc. can be filled appropriately, they will not affect the security offerred by certificate in any way.

In rare case if this does not works try:

openssl req -x509 -nodes -days 9999 -newkey rsa:1024 -keyout localhost.pem -out localhost.pem
cp localhost.pem /etc/pki/tls/certs/localhost.crt