Expired SSL Certificate still showing up on security scans

When I run a security scan, it tells me I have a vulnerability. I "!" before the certificate name in the /etc/ca-certificates.conf, saved and ran update-ca-certificates -f and restarted the apache server. Is there anything I am missing that I need to do to remove this expired certificate?

Security Scan Results Screenshot

Super User Asked by Alex Bertens on December 30, 2020

1 Answers

One Answer

Your Apache service is presenting an expired certificate in the chain to clients. Specifically, this one which expired in May. As the linked page says, there is a replacement available which is valid until 2028.

Apache's configuration file points to a file containing the chain of certificates which it presents to the clients. This is configured with the SSLCertificateFile directive.

In your Ubuntu installation, the Apache config file config file containing this directive is somewhere within /etc/apache2. Where exactly depends on which instructions you used to configure TLS. You need to find the config file and then the file pointed to by the above directive. It is this latter file which contains your certificate chain.

The file contains multiple certificates, each delineated with ----- BEGIN CERTIFICATE ---- and ----- END CERTIFICATE -----. You need to re-create this file (back it up first!) with your server certificate first, followed by the replacement certificate. Once you've done that, restart Apache and you should stop getting the error.

Correct answer by garethTheRed on December 30, 2020

Add your own answers!

Related Questions

windows 10 wuauclt.exe not working

3  Asked on December 1, 2021 by seanclt


Use sed to replace $ in a tcl script

1  Asked on December 1, 2021 by user1200908


Beep while building RAID 1 array

0  Asked on December 1, 2021


Using BIND With Different Nameservers for Different Devices

1  Asked on December 1, 2021 by sam-bernstein


Elevated command line prompt can’t access shared drives

8  Asked on November 29, 2021 by mindless-panda


Ask a Question

Get help from others!

© 2022 All rights reserved.