Try New Technology

How to regenerate TLS/SSL keys after Heartbleed with CentOS

by on Apr.11, 2014, under Techie

Below are some How-To’s on regenerating TLS/SSL keys after patching your CentOS server to fix the Heartbleed OpenSSL issue.

Regenerate new SSH server keys (ssh-keygen prompts before overwriting an existing file, so move the old host keys aside first, then restart sshd when done):
SSH1 protocol:
  ssh-keygen -q -f /etc/ssh/ssh_host_key -N '' -t rsa1
SSH2 protocol:
  ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
  ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa

Generate/Regenerate new Exim SSL/TLS key:

  • First make sure your Exim is compiled with SSL/TLS support.
  • Generate the keys (the D-H parameter file is optional; adjust the .key and .cert names to match your server config):
      cd /etc
      openssl req -x509 -newkey rsa:2048 -keyout eximrsa.key -out eximrsa.cert -days 9999 -nodes
      openssl dhparam -out eximdeffie.key 1024

  • Edit the Exim config file and add the following lines (as needed):
      tls_dhparam = /etc/eximdeffie.key
      tls_certificate = /etc/eximrsa.cert
      tls_privatekey = /etc/eximrsa.key
      tls_advertise_hosts = *

  • Restart Exim so it loads the new key and certificate.

Generate/Regenerate new PureFTP TLS key:
Find the current location of the PureFTP TLS key (key and certificate live together in one .pem file), then run the following to generate a new one (adjust file names as needed):
  openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout pure-ftpd.pem -out pure-ftpd.pem
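Whichever service you regenerate for, the check worth doing before restarting it is that the new certificate really belongs to the new private key and that its fingerprint differs from the old one. The script below is an added example, not part of the original post: it wraps the Exim-style generation above into a function and adds those two checks, working for separate key/cert files (Exim) or a single combined .pem (PureFTP). It assumes openssl is on PATH and uses a placeholder subject name.

```shell
#!/bin/sh
# Added example (not from the original post): regenerate a key/cert pair into a
# work directory and verify it before copying it into place.
# Assumes: openssl on PATH; file names follow the post (eximrsa.key / eximrsa.cert);
# the CN below is a placeholder, not a real host.
set -e

# regen_pair DIR: fresh 2048-bit RSA key and self-signed cert written into DIR.
regen_pair() {
    dir="$1"
    mkdir -p "$dir"
    # -nodes: unencrypted key, so the daemon can load it at startup without a passphrase
    openssl req -x509 -newkey rsa:2048 -nodes -days 9999 \
        -subj "/CN=mail.example.invalid" \
        -keyout "$dir/eximrsa.key" -out "$dir/eximrsa.cert" 2>/dev/null
    chmod 600 "$dir/eximrsa.key"   # private key must not be world-readable
}

# pair_matches KEYFILE [CERTFILE]: succeed only if the certificate's public key
# was derived from KEYFILE. With one argument (a combined .pem such as
# pure-ftpd.pem) both the key and the cert are read from the same file.
pair_matches() {
    key="$1"
    cert="${2:-$1}"
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cert_pub=$(openssl x509 -in "$cert" -pubkey -noout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# cert_fingerprint CERTFILE: SHA-256 fingerprint, to compare old vs. new and to
# confirm later (e.g. via openssl s_client) that the running service serves it.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}
```

Run `regen_pair /root/newkeys` then `pair_matches /root/newkeys/eximrsa.key /root/newkeys/eximrsa.cert && cert_fingerprint /root/newkeys/eximrsa.cert` before copying the files to /etc; for PureFTP, concatenate key and cert into one .pem and call `pair_matches` with that single path.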

