Changes between Version 8 and Version 9 of mosh-x509


Ignore:
Timestamp:
May 3, 2012, 12:14:22 PM (9 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • mosh-x509

    v8 v9  
    1313On a new server, puppet will generate a 2048-bit RSA key as /etc/ssl/private/HOST.mayfirst.org.uncertified.key and /etc/ssl/HOST.mayfirst.org.csr. In addition /etc/ssl/HOST.mayfirst.org.crt is created as a symlink to /etc/ssl/cert/ssl-cert-snakeoil.pem and /etc/ssl/private/HOST.mayfirst.org.pem is a symlink to /etc/ssl/private/ssl-cert-snakeoil.key. These symlinks are created to ensure that services that rely on them are properly started.
    1414
    15 A sysadmin is required to submit the CSR to rapidssl.com (or another member of the CA cartel). Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files:
     15A sysadmin is required to submit the CSR to cheapssls.com (or another member of the CA cartel). Choose {{{domain@mayfirst.org}}} for the confirmation email and {{{info@mayfirst.org}}} for the email address identified with the certificate. Please choose to use RapidSSL (there are many options for X509 certificate providers on this site). Once the sysadmin has the certificate, s/he should replace the symlinked files with the appropriate files:
    1616 * replace the /etc/ssl/HOST.mayfirst.org.crt symlink with a file containing the actual certificate and any intermediary certificates
    1717 * delete the /etc/ssl/private/HOST.mayfirst.org.pem symlink