| 11 | * /etc/ssl/HOST.mayfirst.org.csr: certificate signing request, used to request a new certificate when the existing one expires |
| 12 | |
| 13 | On a new server, Puppet will generate /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition, /etc/ssl/HOST.mayfirst.org.crt is created as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem, and /etc/ssl/private/HOST.mayfirst.org.pem is created as a symlink to /etc/ssl/private/ssl-cert-snakeoil.key. |
| 14 | |
| 15 | A sysadmin is required to submit the certificate signing request to rapidssl.com (or another vendor). Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files: replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates, then delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink, move HOST.mayfirst.org.uncertified.key to HOST.mayfirst.org.pem, and add both the certificate and any intermediary certificates to that file. |
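
The replacement steps above as a shell function that first checks the issued certificate against the uncertified key, so a certificate issued for a different key never replaces the working snakeoil links. This is an added example, not May First's own tooling; the function names, the `SSL_DIR` override (for rehearsing in a scratch directory) and the file permissions are assumptions.

```shell
#!/bin/sh
# Added example. SSL_DIR is an assumption: it defaults to /etc/ssl and can be
# pointed at a scratch directory to rehearse the swap.
SSL_DIR="${SSL_DIR:-/etc/ssl}"

# Succeeds only if the certificate carries the public key of the private key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

install_cert() {  # usage: install_cert HOST ISSUED_CERT [INTERMEDIATES]
    host=$1 issued=$2 chain=${3:-}
    crt="$SSL_DIR/$host.mayfirst.org.crt"
    pem="$SSL_DIR/private/$host.mayfirst.org.pem"
    key="$SSL_DIR/private/$host.mayfirst.org.uncertified.key"

    [ -f "$key" ] || { echo "missing $key" >&2; return 1; }
    cert_matches_key "$issued" "$key" ||
        { echo "certificate does not match $key" >&2; return 1; }

    # Build both files under temporary names first, so a failure here leaves
    # the snakeoil symlinks untouched.
    cat "$issued" ${chain:+"$chain"} > "$crt.new" || return 1
    # The .pem holds the private key: create it readable by its owner only
    # (assumed policy; adjust group access to match the services that read it).
    ( umask 077; cat "$key" "$crt.new" > "$pem.new" ) || return 1

    # mv renames over the symlink itself; the snakeoil files it pointed to
    # are not modified. The uncertified key now lives on inside the .pem.
    mv -f "$crt.new" "$crt" && mv -f "$pem.new" "$pem" && rm -f "$key"
}
```

Run as `install_cert HOST issued.crt intermediates.crt`; on a mismatch it exits non-zero before touching any file.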