BowerStudios.com


Namecheap SSL Reissue bug

daniel —Tue, 04/08/2014 - 11:41am

  • Security

Due to the Heartbleed bug in OpenSSL, I wanted to regenerate my SSL keys.
I did so in the normal fashion by using:
openssl genrsa -des3 -out bowerstudios.com.key 2048
Next I created the CSR:
openssl req -new -key bowerstudios.com.key -out bowerstudios.com.csr

I verified they matched with:
openssl req -noout -modulus -in bowerstudios.com.csr | openssl md5
openssl rsa -noout -modulus -in bowerstudios.com.key | openssl md5

I created the reissue request and approved it through the RapidSSL flow.

When I received the new cert, Apache failed to start up. Checking the MD5 of the new cert showed it did not match.
openssl x509 -noout -modulus -in bowerstudios.com.cert | openssl md5

Thinking I mistyped something, I went through the entire process again, and encountered the same error.

However, I noticed the MD5 of the certificate from the second attempt matched the MD5 of the private key and CSR from the first attempt. When I matched the 3 with the same MD5 from both attempts, my server started up successfully.

Finally, you should check into revoking the other certs.
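
An added example (not part of the original post): a script that works out which saved private key a delivered certificate actually belongs to, using the same modulus comparison as above. The function names, file names and sample data are assumptions made for illustration; it hashes the modulus with SHA-256 instead of MD5 and generates unencrypted keys (no -des3) so it runs without a passphrase prompt.

```shell
#!/bin/sh
# Added example: pair a reissued certificate with the key it was built from.

# Print a SHA-256 digest of the RSA modulus in file $2.
# $1 is the openssl subcommand: rsa (key), req (CSR) or x509 (certificate).
modulus_digest() {
    m=$(openssl "$1" -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$m" ] || return 1   # unreadable input must never "match"
    printf '%s\n' "$m" | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the first key among the remaining arguments that matches cert $1.
# Returns 1 if no key matches, 2 if the certificate cannot be read.
find_key_for_cert() {
    cert=$1; shift
    want=$(modulus_digest x509 "$cert") || return 2
    for key in "$@"; do
        have=$(modulus_digest rsa "$key") || continue
        if [ "$have" = "$want" ]; then
            printf '%s\n' "$key"
            return 0
        fi
    done
    return 1
}

# Constructed sample data in directory $1: two key/CSR pairs, plus a
# self-signed certificate standing in for the CA's reply. As in the post,
# the certificate delivered for attempt 2 carries attempt 1's public key.
make_sample() {
    for n in 1 2; do
        openssl genrsa -out "$1/attempt$n.key" 2048 2>/dev/null
        openssl req -new -key "$1/attempt$n.key" -subj "/CN=example.test" \
            -out "$1/attempt$n.csr"
    done
    openssl req -new -x509 -days 1 -key "$1/attempt1.key" \
        -subj "/CN=example.test" -out "$1/reissue2.cert"
}

dir=$(mktemp -d)
make_sample "$dir"
find_key_for_cert "$dir/reissue2.cert" "$dir/attempt2.key" "$dir/attempt1.key"
rm -rf "$dir"
```

Keeping every key and CSR from each reissue attempt until the matching certificate is installed makes this lookup possible; keys that end up unused can then be destroyed.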


Comments

More Research

Submitted by daniel on Tue, 04/08/2014 - 1:34pm

After looking at the issue a little more, I wonder if it is an issue with the SSL reseller Namecheap, as I experienced the same error with a Thawte certificate.


URLs for interacting with Certificate Authorities

Submitted by daniel on Tue, 04/08/2014 - 2:22pm

GeoTrust / RapidSSL
Thawte


Copyright 2021 Daniel Bower