Changes between Version 5 and Version 6 of mosh-x509


Timestamp:
Nov 23, 2011, 2:42:11 PM (14 years ago)
Author:
Jamie McClelland
Comment:

--

  • mosh-x509

    v5 v6  
    1111 * /etc/ssl/HOST.mayfirst.org.csr: certificate signing request, used to request a new certificate when the existing one expires
    1212
    13 On a new server, puppet will generate /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition /etc/ssl/HOST.mayfirst.org.crt is create as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem and /etc/ssl/private/HOST.mayfirst.org.pem is a symlink to /etc/ssl/private/ssl-cert-snakeoil.key.
     13On a new server, puppet will generate /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition /etc/ssl/HOST.mayfirst.org.crt is created as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem and /etc/ssl/private/HOST.mayfirst.org.pem is a symlink to /etc/ssl/private/ssl-cert-snakeoil.key. These symlinks are created to ensure that services that rely on them are properly started.
    1414
    1515A sysadmin is required to submit the certificate signing request to rapidssl.com (or another vendor). Once the sys admin has the certificate, s/he should replace the symlinked files with the appropriate files (e.g. replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates and delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink, move HOST.mayfirst.org.uncertified.key to HOST.mayfirst.org.pem, and add both the certificate and any intermediary certificates to that file.
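Review bot: The sentence added at the end of line 13 explains why the snakeoil symlinks exist, but it stops short of saying what that means for a new host: until the sysadmin completes the replacement described in line 15, every service that reads HOST.mayfirst.org.crt and HOST.mayfirst.org.pem is running on the placeholder ssl-cert-snakeoil certificate and key, not on a certificate issued for the host. I would add one sentence stating that, and that the host should not be treated as finished while either path is still a symlink, so the placeholder state is not mistaken for a working setup. Separately, since this edit already touches line 13, the target path is written as /etc/ssl/cert/ssl-cert-snakeoil.pem; Debian's ssl-cert package installs that file under /etc/ssl/certs/, so it is worth confirming which path puppet really uses and correcting the text if it is a typo.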