Changes between Version 6 and Version 7 of configure-mosh-x509

Timestamp:

Dec 20, 2013, 5:55:42 PM (12 years ago)

Author:

Ross

Comment:

--

configure-mosh-x509

@@ -43 +43 @@
 umask 177; cat $(hostname).mayfirst.org.key.$(date +%F) >> $(hostname).mayfirst.org.pem.new
 }}}
+    * i.1 Check the .pem file to verify it has the following components:
+     * The secret key
+     * The server's (End Entity) certificate
+     * The intermediate certificate
+
    * j. next from /etc/ssl/private do 
 {{{
@@ -60 +65 @@
 {{{
 service courier-imap-ssl restart && service courier-pop-ssl restart
+}}}
+    * n.0 In order to generate DH parameters, you may want to do `freepuppet-run` on the server in question.
+    * n.1 Verify that imap is working, from your local machine do
+{{{
+gnutls-cli --port imaps SERVER_NAME.mayfirst.org
+}}}
+     * n.1.1 You should see a successful handshake and be able to verify the necessary certificates and intermediate certificates.  Look for lines like these in the output:
+{{{
+- Certificate[1] info:
+ - subject `OU=Domain Control Validated,OU=PositiveSSL,CN=mandela.mayfirst.org', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-12-19 00:00:00 UTC', expires `2018-12-18 23:59:59 UTC', SHA-1 fingerprint `bf977b3ea56da74284e111391ed1efaaf6454dc2'
+- Certificate[2] info:
+ - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2', issuer `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', RSA key 2048 bits, signed using RSA-SHA1, activated `2012-02-16 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `94807b1c788dd2fcbe19c8481ce41cfab8a4c17f'
 }}}
    * o. Remove any unnecessary files.  Here's an example of the needed files on jones (with permissions):