Changes between Version 10 and Version 11 of ordering-cartel-x509-certificates


Ignore:
Timestamp:
Feb 26, 2015, 5:53:11 PM (10 years ago)
Author:
Jamie McClelland
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ordering-cartel-x509-certificates

    v10 v11  
    1010 * Order from https://ssls.com/ (login in [wiki:keyringer keyringer])
    1111 * Purchasing and activating are different steps. First check to see if any x509 certificates have been purchased but not yet activated. If so, activate an already purchased certificate. Otherwise, purchase a new certificate. For payment method, choose paypal (password in [wiki:keyringer keyringer]).  Note that ssls.com does not group purchased-but-not-activated certificate together; you have to page through the order history to search for them.  (As of 4/13/2014, there were purchased-but-not-yet-activated certificates buried on page 8 ...)
    12  * Puppet will auto-generate a certificate signing request for you, with the canonical name as the "common name" (e.g. `mandela.mayfirst.org`). If you want a different "common name" (e.g. `members.mayfirst.org` or `webmail.mayfirst.org`) then you will need to generate a new csr.
     12 * Puppet will auto-generate a certificate signing request for you, with the canonical name as the "common name" (e.g. `mandela.mayfirst.org`) in /etc/ssl/. If you want a different "common name" (e.g. `members.mayfirst.org` or `webmail.mayfirst.org`) then you will need to generate a new csr.
    1313 * Login to the [https://members.mayfirst.org/cp members control panel] and ensure that your email address is listed as a recipient for the `hostmaster@mayfirst.org` email address.
    1414 * Order at least three 5-year standard (domain-validated) PositiveSSL certificates at a time (five years means less admin to update it, and less $ thrown at the cartel because of discounts; as of 2013-06-03 we are switching from RapidSSL to PositiveSSL.).