Changes between Version 9 and Version 10 of mosh-x509


Ignore:
Timestamp:
May 6, 2012, 11:55:53 AM (9 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • mosh-x509

    v9 v10  
    1313On a new server, puppet will generate a 2048-bit RSA key as /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition /etc/ssl/HOST.mayfirst.org.crt is created as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem and /etc/ssl/private/HOST.mayfirst.org.pem is a symlink to /etc/ssl/private/ssl-cert-snakeoil.key. These symlinks are created to ensure that services that rely on them are properly started.
    1414
    15 A sysadmin is required to submit the CSR to cheapssls.com (or another member of the CA cartel). Choose {{{domain@mayfirst.org}}} for the confirmation email and {{{info@mayfirst.org}}} for the email address identified with the certificate. Please choose to use RapidSSL (there are many options for X509 certificate providers on this site). Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files:
     15A sysadmin is required to submit the CSR to a [wiki:ordering-cartel-x509-certificates company that provides x509 certs]. Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files:
    1616 * replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates
    1717 * delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink