SSL SELF-SIGNED Certificate Issue

The self-signed SSL certificate had expired. I have renewed the certificate on RHEL v8.10. After that, the old SSL certificate dates are still reflected in the reports (AIOPS) through Ansible.

Please add more details on how you check the certificate date validity.

Sharing task(s) you use to check the dates is a good start.

Logs from the server
```
# openssl x509 -in /var/nexus/etc/ssl/nexus.crt -noout -text | grep -A 2 "Validity"
        Validity
            Not Before: Feb 19 05:51:41 2025 GMT
            Not After : Feb 19 05:51:41 2026 GMT
```

```
# openssl x509 -in /var/nexus/etc/ssl/nexus.key -noout -text | grep -A 2 "Validity"
unable to load certificate
139780946007872:error:0909006C:PEM routines:get_name:no start line:crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
```

Logs from the AIOPS
|Platform|Hostname|Certificate_ Expiration_Date|Certificate Status|Certificate CN|Certificate Issuer|
|---|---|---|---|---|---|
|Linux|prvlkojxxxxx|13-Apr-24|Expired|C = US; ST = New York; L = Armonk; O = IBM; CN = XX.XX.XX.XX|SELF-SIGNED|
|Linux|prvlkojpxxxx|02-May-24|Expired|C = US; ST = New York; L = Armonk; O = IBM; CN = XX.XX.XX.XX|SELF-SIGNED|

That is an openssl shell command, not ansible code.
The error you get on the second command is because you’re trying to do x509 logic on a private key, that won’t work.

If I had to guess, you have an ansible playbook that renewed a certificate, but failed to reload the service that is using it?

In any case, we’d need to see the related ansible playbooks/etc to help you.

BTW you don’t have to use grep as openssl has a native option to get what you want: `openssl x509 -in /var/nexus/etc/ssl/nexus.crt -noout -dates`.

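Added example, not part of any post in this thread: shell functions covering the two points raised in the replies, refusing to run `openssl x509` on a private key and comparing the `notAfter` of the certificate file with the one a running service presents. The function names and the HOST/PORT arguments are assumptions; the thread does not say which endpoint or file AIOPS inspects.

```shell
# Assumed helper names; only the openssl subcommands are real CLI calls.

# Classify a PEM file by its first BEGIN line, so x509 is never pointed at a key.
pem_kind() {
    local header
    header=$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null) || { echo unknown; return 0; }
    case "$header" in
        *"BEGIN CERTIFICATE-----"*|*"BEGIN TRUSTED CERTIFICATE-----"*) echo certificate ;;
        *"PRIVATE KEY-----"*) echo private-key ;;
        *) echo unknown ;;
    esac
}

# notAfter of the certificate stored on disk; returns 2 for anything else.
disk_not_after() {
    [ "$(pem_kind "$1")" = certificate ] || { echo "not a certificate: $1" >&2; return 2; }
    openssl x509 -in "$1" -noout -enddate | cut -d= -f2
}

# notAfter of the certificate a running service presents on HOST PORT.
served_not_after() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Exit codes: 0 = same expiry, 1 = service presents a different certificate
# (for example the old one, still loaded), 2 = bad file, 3 = nothing served.
check_reload_needed() {
    local disk served
    disk=$(disk_not_after "$1") || return 2
    served=$(served_not_after "$2" "$3")
    if [ -z "$served" ]; then echo "no certificate served on $2:$3"; return 3; fi
    if [ "$disk" = "$served" ]; then echo "match: $disk"; return 0; fi
    echo "mismatch: disk='$disk' served='$served'"
    return 1
}

# Usage (HOST and PORT are placeholders for the service that uses the file):
#   check_reload_needed /var/nexus/etc/ssl/nexus.crt HOST PORT
```

A mismatch only shows that the listener has not picked up the file on disk; whether the report reads the listener or some other certificate still has to be confirmed from the playbook that produces it.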