SSL: Difference between revisions
No edit summary |
mNo edit summary |
||
| Line 7: | Line 7: | ||
== Certificate Location == |
== Certificate Location == |
||
Keep a copy of newly generated certificates in /home/sysadmin/certs on the server (currently [[Machine_List#aspartame|aspartame]]). |
Keep a copy of newly generated certificates in /home/sysadmin/certs on the NFS server (currently [[Machine_List#aspartame|aspartame]]). |
||
A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key. |
A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key. |
||
Revision as of 17:03, 8 October 2013
GlobalSign
The CSC currently has an SSL Certificate from GlobalSign for *.csclub.uwaterloo.ca provided at no cost to us through IST. GlobalSign likes to take a long time to respond to certificate signing requests (CSR) for wildcard certs, so our CSR really needs to be handed off to IST at least 2 weeks in advance. Having an invalid cert for any length of time leads to terrible breakage, followed by terrible workarounds and prolonged problems.
JBROMAN WILL EXPAND THIS
Certificate Location
Keep a copy of newly generated certificates in /home/sysadmin/certs on the NFS server (currently aspartame).
A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.
- caffeine:/etc/ssl/private/csclub-wildcard.crt
- mail:/etc/ssl/private/csclub-wildcard.crt
- artificial-flavours:/etc/ssl/private/csclub-www-globalsign-wildcard.crt