You shouldn't need to generate a new pem file, all you need to do is make sure your system has an updated crt file.
On most Ubuntu systems the file that needs to be updated is in the /usr/share/ca-certificates/mozilla directory.
/etc/ssl/certs is full of symlinks -- most of them pointing to that directory.
So archive your old 2048-bit certificate.
mv /usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt /usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt.expired
And pull down the updated file.
wget -O /usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt
https://www.entrust.net/downloads/binary/entrust_2048_ca.cer
--no-check-certificate
That should get your notifications flowing again.
No comments:
Post a Comment