x509: certificate has expired or is not yet valid #11361
-
|
Hi recently the default self signed certs in our SO install (2.3.140) have expired and this is starting to cause issues. Originally I just produced an internal Cert from out internal PKI to put on the Web gui which resolved filebeat issues and also regenerated the fleetdm cert as that was throwing errors in the /var/log/messages. After this it all seemed ok until i rebooted a forward node and the docker images didn't start, I did some digging and eventually tried to delete all the pulled containers and try to re pull them. This then highlighted the cert on port 5000 is expired "docker pull SERVER:5000/security-onion-solutions/so-nginx:2.3.240 **_[root@fowardnode ~]# curl -vvI https://SERVER:5000
curl performs SSL certificate verification by default, using a "bundle" My question is how do I just regenerate all the self signed certs, or what is the bets option. If i do a soup will this regenerate? we are only 2 minor versions out and I cant see mention of this in the release notes. Hopefully this is something of nothing but is causing me issues atm! Thanks in advance |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Turns out i just needed to restart the docker service and it started using a new self signed cert in this location vi /opt/so/conf/docker-registry/etc/config.yml certificate: /etc/pki/registry.crt Lot of wasted time for an easy fix haha Ended up just rebooting manager |
Beta Was this translation helpful? Give feedback.
Turns out i just needed to restart the docker service and it started using a new self signed cert in this location
vi /opt/so/conf/docker-registry/etc/config.yml
certificate: /etc/pki/registry.crt
key: /etc/pki/registry.key
Lot of wasted time for an easy fix haha
Ended up just rebooting manager