Changes between Version 9 and Version 10 of mosh-x509
- Timestamp:
- May 6, 2012, 3:55:53 PM (12 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
mosh-x509
v9 v10 13 13 On a new server, puppet will generate a 2048-bit RSA key as /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition /etc/ssl/HOST.mayfirst.org.crt is created as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem and /etc/ssl/private/HOST.mayfirst.org.pem is a symlink to /etc/ssl/private/ssl-cert-snakeoil.key. These symlinks are created to ensure that services that rely on them are properly started. 14 14 15 A sysadmin is required to submit the CSR to cheapssls.com (or another member of the CA cartel). Choose {{{domain@mayfirst.org}}} for the confirmation email and {{{info@mayfirst.org}}} for the email address identified with the certificate. Please choose to use RapidSSL (there are many options for X509 certificate providers on this site). Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files:15 A sysadmin is required to submit the CSR to a [wiki:ordering-cartel-x509-certificates company that provides x509 certs]. Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files: 16 16 * replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates 17 17 * delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink