Changes between Version 2 and Version 3 of configure-mosh-x509


Timestamp:
Oct 1, 2013, 3:21:35 PM (11 years ago)
Author:
Ross
Comment:

--

  • configure-mosh-x509

    v2 v3  
    2525   * d. You will recieve an validation email at hostmaster@mayfirst.org, validate it.
    2626   * e. You will recieve the certificate at hostmaster@mayfirst.org in a zip file.
    27    * f. save zip locally then on your local computer run 'scp /PATH/TO/SERVERNAME_mayfirst_org.zip root@SERVER_NAME.mayfirst.org:/etc/ssl/temp' to copy the zip file to the server.
    28    * g. on the server 'unzip /etc/ssl/temp/SERVERNAME_mayfirst_org.zip'
    29    * h. from /etc/ssl/temp on the host machine you can run 'cat PositiveSSLCA2.crt >> SERVERNAME_mayfirst_org.crt && mv SERVERNAME_mayfirst_org.crt ../SERVERNAME.mayfirst.org.crt.new' .  This will create the correct certificate for the /etc/ssl directory (including the intermediate certificate). You need both Intermediate and Primary certificates for apache to use ssl correctly.
    30    * i. next from /etc/ssl/private do 'umask 177; cat SERVERNAME.mayfirst.org.key.$(date +%F) >> SERVERNAME.mayfirst.org.pem.new'
    31    * j. next from /etc/ssl/private do 'cat ../SERVERNAME.mayfirst.org.crt.new >> SERVERNAME.mayfirst.org.pem.new; umask 133'
     27   * f. save zip locally then on your local computer run command below to copy the zip file to the server.
     28{{{
     29scp /PATH/TO/SERVERNAME_mayfirst_org.zip root@SERVER_NAME.mayfirst.org:/etc/ssl/temp
     30}}}
     31 
     32   * g. on the server
     33{{{
     34unzip /etc/ssl/temp/$(hostname)_mayfirst_org.zip
     35}}}
     36   * h. from /etc/ssl/temp on the host machine you can run
     37{{{
     38cat PositiveSSLCA2.crt >> $(hostname)_mayfirst_org.crt && mv $(hostname)_mayfirst_org.crt ../$(hostname).mayfirst.org.crt.new' . 
     39}}}
     40    * This will create the correct certificate for the /etc/ssl directory (including the intermediate certificate). You need both Intermediate and Primary certificates for apache to use ssl correctly.
     41   * i. next from /etc/ssl/private do
     42{{{
     43umask 177; cat $(hostname).mayfirst.org.key.$(date +%F) >> $(hostname).mayfirst.org.pem.new
     44}}}
     45   * j. next from /etc/ssl/private do
     46{{{
     47cat ../$(hostname).mayfirst.org.crt.new >> $(hostname).mayfirst.org.pem.new; umask 133
     48}}}
    3249   * k. Make sure no files in the /etc/ssl/private directory are readable by the world.
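Review bot: In step h the new code block still ends with `' . ` after `../$(hostname).mayfirst.org.crt.new`, a leftover from the old inline-quoted form. Pasted as written, the unmatched single quote leaves the shell waiting for more input, so the block should end at `.crt.new`. Step f also keeps the SERVERNAME / SERVER_NAME placeholders while steps g to j switch to `$(hostname)`; the page should say that `$(hostname)` has to return the same short name used in the zip and key file names. Steps i and j append with `>>` to `.pem.new`, so a leftover `.pem.new` from an earlier attempt would end up with duplicated key and certificate blocks; add a note to remove any stale `.pem.new` first.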
    33    * l. from /etc/ssl do 'mv $(hostname).mayfirst.org.crt{,.old} && mv $(hostname).mayfirst.org.crt{.new,} && mv private/$(hostname).mayfirst.org.pem{,.old} && mv private/$(hostname).mayfirst.org.pem{.new,}'
    34    * m. restart apache with 'service apache2 restart'
     50   * l. from /etc/ssl do
     51{{{
     52mv $(hostname).mayfirst.org.crt{,.old} && mv $(hostname).mayfirst.org.crt{.new,} && mv private/$(hostname).mayfirst.org.pem{,.old} && mv private/$(hostname).mayfirst.org.pem{.new,}
     53}}}
     54   * m. restart apache with
     55{{{
     56service apache2 restart
     57}}}
    3558   * i. Check that the certificate is working by going to https://SERVERNAME.mayfirst.org
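Review bot: Steps l and m replace the live certificate and key and restart Apache with nothing in between that checks the new files, so a bad result from steps h to j only shows up when the restart fails or at the browser check that follows. Suggest adding a step before the `mv` chain that inspects the new certificate, for example `openssl x509 -noout -subject -enddate -in $(hostname).mayfirst.org.crt.new`, and stating that the `.old` files created in step l are the rollback copies. The unchanged step after m is still labelled "i.", which repeats the label of the earlier step i and breaks the lettering before n.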
    36    * n. restart courier-imap-ssl and courier-pop-ssl 'service courier-imap-ssl restart && service courier-pop-ssl restart'
     59   * n. restart courier-imap-ssl and courier-pop-ssl
     60{{{
     61service courier-imap-ssl restart && service courier-pop-ssl restart
     62}}}
    3763   * o. Remove any unnecessary files.  Here's an example of the needed files on jones (with permissions):
    3864