Namecheap SSL Reissue bug
daniel Tue, 04/08/2014 - 11:41am
Due to the Heartbleed bug in OpenSSL, I wanted to regenerate my SSL keys.
I did so in the normal fashion by using:
openssl genrsa -des3 -out bowerstudios.com.key 2048
Next I created the CSR:
openssl req -new -key bowerstudios.com.key -out bowerstudios.com.csr
I verified they matched with:
openssl req -noout -modulus -in bowerstudios.com.csr | openssl md5
openssl rsa -noout -modulus -in bowerstudios.com.key | openssl md5
I created the reissue request and approved it through the RapidSSL flow.
When I received the new cert, Apache failed to start up. Checking the md5 of the new cert showed it did not match.
openssl x509 -noout -modulus -in bowerstudios.com.cert | openssl md5
Thinking I mistyped something, I went through the entire process again, and encountered the same error.
However, I noticed the md5 of the certificate from the second attempt matched the md5 of the priv key and CSR from the first attempt. When I matched the 3 with the same md5 from both attempts, my server started up successfully.
Finally, you should check into revoking the other certs.
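An added example, not part of the original post: a script that takes a delivered certificate and the CSRs from several attempts and reports which CSR the certificate was actually issued for. It compares the modulus strings directly instead of their md5, and the file names, `example.test` subject, and self-signed stand-in for the CA in `make_demo` are constructed for illustration (the demo keys are left unencrypted so nothing prompts for a passphrase).

```shell
#!/bin/sh
# Added example: find which reissue attempt a delivered certificate belongs to.

# Print the RSA modulus of a certificate or a CSR (the field the post hashes).
cert_modulus() { openssl x509 -noout -modulus -in "$1"; }
csr_modulus()  { openssl req  -noout -modulus -in "$1"; }

# find_matching_csr CERT CSR...
# Prints the path of the first CSR whose modulus equals the certificate's.
# Returns 0 on a match, 1 if no CSR matches, 2 if the certificate is unreadable.
find_matching_csr() {
    cert=$1; shift
    want=$(cert_modulus "$cert" 2>/dev/null) || return 2
    for csr in "$@"; do
        # Skip files that are not parseable CSRs instead of aborting.
        have=$(csr_modulus "$csr" 2>/dev/null) || continue
        if [ "$have" = "$want" ]; then
            printf '%s\n' "$csr"
            return 0
        fi
    done
    return 1
}

# Constructed demo data: two key/CSR attempts in directory $1, with a
# certificate issued for attempt 1 (self-signed here as a stand-in for the CA).
make_demo() {
    dir=$1
    for n in 1 2; do
        openssl genrsa -out "$dir/attempt$n.key" 2048 2>/dev/null
        openssl req -new -key "$dir/attempt$n.key" \
            -subj "/CN=example.test" -out "$dir/attempt$n.csr"
    done
    openssl x509 -req -in "$dir/attempt1.csr" -signkey "$dir/attempt1.key" \
        -days 1 -out "$dir/delivered.crt" 2>/dev/null
}

# Used as a script: sh which_csr.sh delivered.crt attempt1.csr attempt2.csr
if [ "$#" -ge 2 ]; then
    find_matching_csr "$@"
fi
```

Once the matching CSR is known, the key generated alongside it is the one to install with the certificate.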
Comments
More Research
Submitted by daniel on Tue, 04/08/2014 - 1:34pm
After looking at the issue a little more, I wonder if it is an issue with the SSL reseller Namecheap, as I experienced the same error with a Thawte certificate.
URLs for interacting with Certificate Authorities
Submitted by daniel on Tue, 04/08/2014 - 2:22pm
GeoTrust / RapidSSL
Thawte