fix: Resolve test failure - Refresh server.crt with existing key extending expiry to Nov 21 03:28:10 2034 GMT

[BaileyFirman]

Cert used for testing has expired, used openssl to refresh with extended expiry 10 years into the future

// Create new cert
openssl x509 -in server.crt -signkey server.key -days 3650 -out new_server.crt

// Verify
openssl x509 -in new_server.crt -text -noout

// Finally replace
mv new_server.crt server.crt

// Content of new cert
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            89:4e:6b:34:a9:c2:19:80
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Indiana, O=node-express-session, CN=express-session.local
        Validity
            Not Before: Nov 21 03:28:10 2024 GMT
            Not After : Nov 19 03:28:10 2034 GMT
        Subject: C=US, ST=Indiana, O=node-express-session, CN=express-session.local
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
                Modulus:
                    00:d8:1b:7f:7c:ce:a3:7a:62:ff:c5:03:1e:fb:7a:
                    82:cb:8d:ee:15:34:26:03:5d:47:22:58:1c:dc:79:
                    a6:79:bb:fa:ed:3f:f5:ec:85:34:16:0c:a1:5f:51:
                    b6:ff:92:69:e2:0d:ac:ec:09:ab:12:a0:db:14:0a:
                    b7:2a:40:f2:45:d6:31:77:17:d5:e3:b1:9c:5c:82:
                    00:da:6f:c3:00:6c:03:21:9e:12:5a:c7:69:77:c8:
                    f2:6c:5a:70:7f:f2:6a:d8:71:db:1d:40:d3:d7:27:
                    14:16:f4:c3:19:81:4c:73:ef:78:08:63:9f:eb:11:
                    e6:b2:53:da:30:81:c9:d5:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:5F:27:09:C1:16:E8:4E:19:34:B8:1D:C2:77:7F:A8:48:BC:F5:7E
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        93:fc:4d:6b:64:6c:5e:99:96:79:17:ca:97:f5:2a:13:b1:cd:
        38:10:b1:30:4f:73:f0:03:47:20:53:97:c6:99:69:9a:8c:f7:
        e3:c3:7d:fd:cb:9d:c4:40:06:ff:1f:fb:0c:86:e8:12:ad:e2:
        8c:2d:54:80:1d:18:4c:34:65:db:f9:d4:74:33:32:62:47:81:
        9b:29:1b:d8:c8:7b:a5:e3:38:d6:7a:7f:6e:42:b0:c7:76:0b:
        2a:0f:84:67:51:ca:bc:ec:70:7e:8b:8f:68:14:b3:79:f6:aa:
        08:f4:c3:a8:38:a0:5f:00:a1:8a:95:77:7e:20:bf:7e:8f:24:
        7f:8c

[UlisesGascon]

LGTM! Thanks @BaileyFirman for this pr!

[ctcpip]

I know it doesn't matter for testing, but can we use at least 2048 bits?

[bjohansebas]

We should merge as soon as possible and maybe release a new version (I'm not sure how CITGM works), since this solves #1009

cc: @expressjs/express-tc @UlisesGascon

[wesleytodd]

@ctcpip would you be alright removing your request if we fast followed with a script to regenerate the cert following that best practice?

EDIT: I probably should have looked at the commands listed to regen this first and noticed this was not regenerating the private key. Honestly this request seems like a new one that is unrelated to landing this PR. I think we should automate it, but I think we should override the "change request" for now as an unrelated (but still good) next step.

[ctcpip]

my ask was a trivial one

openssl genpkey -algorithm RSA -out new_server.key -pkeyopt rsa_keygen_bits:2048

openssl x509 -in server.crt -signkey new_server.key -days 3650 -out new_server.crt

openssl x509 -in new_server.crt -text -noout

mv new_server.crt server.crt

mv new_server.key server.key

anyway, I went ahead and did it, and pushed a new commit

[wesleytodd]

Adding a script for this: #1015