SSL: Difference between revisions

From CSCWiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 7: Line 7:
== Certificate Location ==
== Certificate Location ==


Keep a copy of newly generated certificates in /home/sysadmin/certs on the [[NFS]] server (currently [[Machine_List#aspartame|aspartame]]).
Keep a copy of newly generated certificates in /home/sysadmin/certs on the server (currently [[Machine_List#aspartame|aspartame]]).


A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.
A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.

Revision as of 17:03, 8 October 2013

GlobalSign

The CSC currently has an SSL Certificate from GlobalSign for *.csclub.uwaterloo.ca provided at no cost to us through IST. GlobalSign likes to take a long time to respond to certificate signing requests (CSR) for wildcard certs, so our CSR really needs to be handed off to IST at least 2 weeks in advance. Having an invalid cert for any length of time leads to terrible breakage, followed by terrible workarounds and prolonged problems.

JBROMAN WILL EXPAND THIS

Certificate Location

Keep a copy of newly generated certificates in /home/sysadmin/certs on the server (currently aspartame).

A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.

  • caffeine:/etc/ssl/private/csclub-wildcard.crt
  • mail:/etc/ssl/private/csclub-wildcard.crt
  • artificial-flavours:/etc/ssl/private/csclub-www-globalsign-wildcard.crt