Changes between Version 6 and Version 7 of configure-mosh-x509


Ignore:
Timestamp:
Dec 20, 2013, 12:55:42 PM (6 years ago)
Author:
Ross
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • configure-mosh-x509

    v6 v7  
    4343umask 177; cat $(hostname).mayfirst.org.key.$(date +%F) >> $(hostname).mayfirst.org.pem.new
    4444}}}
     45    * i.1 Check the .pem file to verify it has the following components:
     46     * The secret key
     47     * The server's (End Entity) certificate
     48     * The intermediate certificate
     49
    4550   * j. next from /etc/ssl/private do
    4651{{{
     
    6065{{{
    6166service courier-imap-ssl restart && service courier-pop-ssl restart
     67}}}
     68    * n.0 In order to generate DH parameters, you may want to do `freepuppet-run` on the server in question.
     69    * n.1 Verify that imap is working, from your local machine do
     70{{{
     71gnutls-cli --port imaps SERVER_NAME.mayfirst.org
     72}}}
     73     * n.1.1 You should see a successful handshake and be able to verify the necessary certificates and intermediate certificates.  Look for lines like these in the output:
     74{{{
     75- Certificate[1] info:
     76 - subject `OU=Domain Control Validated,OU=PositiveSSL,CN=mandela.mayfirst.org', issuer `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2', RSA key 2048 bits, signed using RSA-SHA1, activated `2013-12-19 00:00:00 UTC', expires `2018-12-18 23:59:59 UTC', SHA-1 fingerprint `bf977b3ea56da74284e111391ed1efaaf6454dc2'
     77- Certificate[2] info:
     78 - subject `C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=PositiveSSL CA 2', issuer `C=SE,O=AddTrust AB,OU=AddTrust External TTP Network,CN=AddTrust External CA Root', RSA key 2048 bits, signed using RSA-SHA1, activated `2012-02-16 00:00:00 UTC', expires `2020-05-30 10:48:38 UTC', SHA-1 fingerprint `94807b1c788dd2fcbe19c8481ce41cfab8a4c17f'
    6279}}}
    6380   * o. Remove any unnecessary files.  Here's an example of the needed files on jones (with permissions):