How to regenerate TLS/SSL keys after Heartbleed with CentOS
by Logan Rogers-Follis on Apr.11, 2014, under Techie
Below are some how-tos for regenerating TLS/SSL keys after patching your CentOS server to fix the Heartbleed OpenSSL issue.
Regenerate new SSH Server Keys:
SSH1 protocol:
ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
SSH2 protocol:
ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
Generate/Regenerate new Exim SSL/TLS key:
- First make sure your Exim is compiled with SSL/TLS support
- Generate keys (the D-H parameter file is optional; adjust the .key and .cert names to match your server config):
cd /etc
openssl req -x509 -newkey rsa:2048 -keyout eximrsa.key -out eximrsa.cert -days 9999 -nodes
openssl dhparam -out eximdeffie.key 1024
- Edit the Exim config file and add the following lines (as needed):
tls_dhparam = /etc/eximdeffie.key
tls_certificate = /etc/eximrsa.cert
tls_privatekey = /etc/eximrsa.key
tls_advertise_hosts = *
- Restart Exim
Generate/Regenerate new PureFTP TLS key:
Figure out the current location of the PureFTP TLS keys and then run the following to generate new keys (adjust file names as needed):
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout pure-ftpd.pem -out pure-ftpd.pem
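The Exim and PureFTP steps above both boil down to "make a new RSA key and a self-signed cert for it". The script below is an added example, not from the original post: it wraps that step with a check that the cert really belongs to the new key and that the public key actually changed, since a certificate reissued over the old, possibly leaked key gives no protection. It assumes a working openssl CLI and takes the file paths as arguments.

```shell
#!/bin/sh
# Regenerate a self-signed RSA key/certificate pair (the pattern the post uses
# for Exim and PureFTP) and check the result before restarting the service.
# Assumption: a working openssl CLI; file paths are supplied by the caller.
set -eu

# Print the SHA-256 fingerprint of the public key inside a certificate.
cert_pubkey_fp() {
    openssl x509 -in "$1" -noout -pubkey \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Print the SHA-256 fingerprint of the public key derived from a private key.
key_pubkey_fp() {
    openssl pkey -in "$1" -pubout -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# regen_pair KEY CERT CN DAYS: write a fresh 2048-bit RSA key and a
# self-signed certificate for it. umask 077 keeps the key private from the
# moment it is written instead of fixing permissions afterwards; chown the
# key to the service account if the daemon does not read it as root.
regen_pair() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days "$4" \
          -subj "/CN=$3" -keyout "$1" -out "$2" 2>/dev/null )
    chmod 644 "$2"   # the certificate is public; only the key stays 0600
}

# verify_pair KEY CERT [OLD_CERT]: return 0 only if CERT was issued for KEY
# and, when OLD_CERT is given, the public key actually changed. A certificate
# reissued over the old (possibly leaked) key fails the second check.
verify_pair() {
    [ "$(key_pubkey_fp "$1")" = "$(cert_pubkey_fp "$2")" ] || return 1
    if [ "$#" -ge 3 ]; then
        [ "$(cert_pubkey_fp "$3")" != "$(cert_pubkey_fp "$2")" ] || return 2
    fi
}
```

Keep a copy of the old certificate before running regen_pair so verify_pair can compare against it; only restart the service once verify_pair returns 0.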