Changes between Version 6 and Version 7 of mosh-x509


Timestamp:
Nov 23, 2011, 2:44:09 PM (14 years ago)
Author:
Jamie McClelland
Comment:

--

  • mosh-x509

    v6 v7  
    1313On a new server, puppet will generate /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition /etc/ssl/HOST.mayfirst.org.crt is created as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem and /etc/ssl/private/HOST.mayfirst.org.pem is a symlink to /etc/ssl/private/ssl-cert-snakeoil.key. These symlinks are created to ensure that services that rely on them are properly started.
    1414
    15 A sysadmin is required to submit the certificate signing request to rapidssl.com (or another vendor). Once the sys admin has the certificate, s/he should replace the symlinked files with the appropriate files (e.g. replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates and delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink, move HOST.mayfirst.org.uncertified.key to HOST.mayfirst.org.pem, and add both the certificate and any intermediary certificates to that file.
     15A sysadmin is required to submit the certificate signing request to rapidssl.com (or another vendor). Once the sys admin has the certificate, s/he should replace the symlinked files with the appropriate files:
     16 * replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates
     17 * delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink
     18 * move /etc/ssl/private/HOST.mayfirst.org.uncertified.key to /etc/ssl/private/HOST.mayfirst.org.pem
     19 * append both the certificate and any intermediary certificates to /etc/ssl/private/HOST.mayfirst.org.pem
     20 * restart apache2, postfix, courier-imap-ssl and courier-pop-ssl
    1621
    1722If, for some reason, the MOSH server is using a common name other than HOST.mayfirst.org (e.g. secure.critpath.org is used instead of didier.mayfirst.org), then the files should be named after the common name (secure.critpath.org) and HOST.mayfirst.org should be a symlink to the actual file. This naming convention helps us easily identify what common name the certificates should be presenting.
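
Review bot: The new step list (v7 lines 16-20) goes straight from appending the certificate material to restarting apache2, postfix, courier-imap-ssl and courier-pop-ssl, with no check that the certificate returned by the vendor matches the key in /etc/ssl/private/HOST.mayfirst.org.uncertified.key. Add a verification step before the restart so a mismatch is caught while the services are still running on the old files. The steps that build /etc/ssl/HOST.mayfirst.org.crt and /etc/ssl/private/HOST.mayfirst.org.pem should also state the order of the contents (host certificate first, then the intermediary certificates). Because the move turns /etc/ssl/private/HOST.mayfirst.org.pem from a symlink into a regular file holding the private key, the list should also say what owner and mode that file is expected to have.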