Opened 3 years ago

Closed 3 years ago

#11659 closed Task/To do item (fixed)

Switching to Wildcard SSL Certificate

Reported by: Claude Owned by:
Priority: Medium Component: Tech
Keywords: SSL certificate, wildcard Cc: miguxx@…
Sensitive: no

Description

Hi folks - We're close to launching a moodle site for online education, which will be hosted on a subdomain (singlepayerschool.healthcare-now.org). The site needs to be secure, so we finally gave in and bought a wildcard SSL certificate that can cover subdomains. We've been getting help from a volunteer, Michael A., in setting this up, but he apparently can't finish the setup without root access to our virtual server.

Could you all either take the final steps on this, or give us the permissions we'd need for Michael to finish? I've cc'd Michael on this ticket, and pasted below his statement of the final steps that need to be taken.

Thanks!

Note from Michael A: "1) In /home/members/healthcarenow/sites/healthcare-now.org/include/ssl there are a number of files. Four of these belong to the wildcard certificate and they all begin with “star.” I don’t think the “.p7b” file is necessary but let’s keep them together just in case. These four files need to be moved to a place where it is convenient to access them from both healthcare-now.org and singlepayerschool.healthcare-now, and permissions must be given for the identities running those two sites to read them. Also, no less privileged user must be allowed to read them, at least not the “.key” file.

  1. Alternatively if such a place can’t be found the files can stay in place but permissions must be given for the other site “singlepayerschool” to read them.
  2. Alternatively if that also sucks, the files should be copied to the corresponding place under the singlepayerschool site, and read-permissions should be given to the identity running that site.

2)The ssl configuration for the main site must be set up to use the new certificate instead of the old one.

  1. Change /home/members/healthcarenow/sites/healthcare-now.org/.red/apache2/apache.conf.ssl to point to the new files the relevant files are, in order, crt, key, and ca-bundle. Keep a backup of the original file.

3) If that works the same must be done for the singlepayerschool site. In this case, there is no conf.ssl file so one must be made, and probably the main apache config needs to know about this nes ssl file as well. Point this file to the same paths or, if copies were made as in 1.b, point to these files."

Change History (2)

comment:1 Changed 3 years ago by JaimeV

  1. I've gone with option B.
  1. Done
  1. This is done however it seems that the site contains URLs linking to http verisons of some resources which some browsers will reject.
Blocked loading mixed active content "http://singlepayerschool.healthcare-now.org/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.css"[Learn More] singlepayerschool.healthcare-now.org
Blocked loading mixed active content "http://singlepayerschool.healthcare-now.org/theme/yui_combo.php?rollup/3.17.2/yui-moodlesimple-min.js&rollup/1458336312/mcore-min.js"[Learn More] singlepayerschool.healthcare-now.org
Blocked loading mixed active content "http://singlepayerschool.healthcare-now.org/theme/styles.php/healthcarenow/1459888753/all"[Learn More] singlepayerschool.healthcare-now.org
Blocked loading mixed active content "http://singlepayerschool.healthcare-now.org/lib/javascript.php/1458336312/lib/javascript-static.js"[Learn More] singlepayerschool.healthcare-now.org
Blocked loading mixed active content "http://singlepayerschool.healthcare-now.org/lib/javascript.php/1458336312/lib/requirejs/require.min.js"[Learn More] singlepayerschool.healthcare-now.org
Blocked loading mixed active content "http://singlepayerschool.healthcare-now.org/theme/javascript.php/healthcarenow/1459888753/footer"[Learn More] singlepayerschool.healthcare-now.org
Loading mixed (insecure) display content on a secure page "http://singlepayerschool.healthcare-now.org/theme/image.php/healthcarenow/theme/1459888753/SinglePayerSchoolLogo"[Learn More] singlepayerschool.healthcare-now.org
Loading mixed (insecure) display content on a secure page "http://singlepayerschool.healthcare-now.org/theme/image.php/healthcarenow/theme/1459888753/HealthcareNOWLogo25c"[Learn More] singlepayerschool.healthcare-now.org
TypeError: require is not a function singlepayerschool.healthcare-now.org:130
ReferenceError: YUI is not defined singlepayerschool.healthcare-now.org:149
Loading mixed (insecure) display content on a secure page "http://singlepayerschool.healthcare-now.org/theme/image.php/healthcarenow/theme/1459888753/favicon"[Learn More] ContentLinkHandler.jsm:130

comment:2 Changed 3 years ago by Claude

Resolution: fixed
Status: newclosed

Thanks, Jaime - Michael has fixed the links in the moodle site, so I think we're good to go!

Ben

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.