Every now and then, the Monit certificate will expire. Notes to myself:
cd /etc/ssl/localcerts sudo openssl req -new -x509 -days 365 -nodes -config monit.cnf -out monit.pem -keyout monit.pem sudo chown root.root monit.pem sudo chmod 0700 monit.pem sudo service monit restart sudo openssl x509 -noout -in monit.pem -fingerprint -sha1
Remember the fingerprint.
Getting Chrome to accept self-signed localhost certificate: visit the offending site, ignoring the security warning.
Getting Chrome to accept self-signed localhost certificate
1. On the site you want to add, right-click the red lock icon in the address bar:
2. Click the tab labeled **Connection**, then click **Certificate Information**
3. Click the **Details** tab, the click the button **Copy to File...**. This will open the Certificate Export Wizard, click **Next** to get to the **Export File Format** screen.
4. Choose **DER encoded binary X.509 (.CER)**, click **Next**
5. Click **Browse...** and save the file to your computer. Name it something descriptive. Click **Next**, then click **Finish**.
6. Open Chrome settings, scroll to the bottom, and click **Show advanced settings...**
7. Under **HTTPS/SSL**, click **Manage certificates...**
8. Click the **Trusted Root Certification Authorities** tab, then click the **Import...** button. This opens the Certificate Import Wizard. Click **Next** to get to the **File to Import** screen.
9. Click **Browse...** and select the certificate file you saved earlier, then click **Next**.
10. Select **Place all certificates in the following store**. The selected store should be **Trusted Root Certification Authorities**. If it isn’t, click **Browse...** and select it. Click **Next** and **Finish**
11. Compare fingerprints. Click **Yes** on the security warning.
When you restart Chrome, no more security warning and a green icon. If you don’t restart Chrome, no security warning but the red icon remains.
If you missed the question about the fingerprints, you can compare them later. In the list of certificates, click on the right one and click **View**, then visit **Details** and scroll down to **Thumbprint**.
#Administration #Security
(Please contact me if you want to remove your comment.)
⁂
Oh, and I also noticed that my `/etc/crontab` only executed the hourly jobs because all *other* jobs checked for the existence of *anacron* which I don’t use. Whaaat.
– Alex Schroeder 2016-11-17 17:01 UTC
---
Example:
alex@sibirocobombus:~$ sudo openssl x509 -noout -in /etc/ssl/localcerts/monit.pem -fingerprint -sha256 SHA256 Fingerprint=2A:F7:48:64:69:BB:0E:A6:06:24:16:92:EE:38:FB:DD:C0:9B:07:A0:57:D9:A0:8B:69:E0:15:7A:0B:46:27:19
Compared with:
Screenshot of the exception in Firefox
– Alex Schroeder 2017-01-21 12:32 UTC
