Difference between revisions of "SSL"

From CSCWiki
Jump to navigation Jump to search
Line 2: Line 2:
   
 
The CSC currently has an SSL Certificate from GlobalSign for *.csclub.uwaterloo.ca provided at no cost to us through IST. GlobalSign likes to take a long time to respond to certificate signing requests (CSR) for wildcard certs, so our CSR really needs to be handed off to IST at least 2 weeks in advance. Having an invalid cert for any length of time leads to terrible breakage, followed by terrible workarounds and prolonged problems.
 
The CSC currently has an SSL Certificate from GlobalSign for *.csclub.uwaterloo.ca provided at no cost to us through IST. GlobalSign likes to take a long time to respond to certificate signing requests (CSR) for wildcard certs, so our CSR really needs to be handed off to IST at least 2 weeks in advance. Having an invalid cert for any length of time leads to terrible breakage, followed by terrible workarounds and prolonged problems.
  +
  +
JBROMAN WILL EXPAND THIS
   
 
== Certificate Location ==
 
== Certificate Location ==
   
  +
Keep a copy of newly generated certificates in /home/sysadmin/certs on the [[NFS]] server (currently [[Machine_List#aspartame|aspartame]]).
A list of places you'll need to put the new certificate to keep our services running.
 
  +
 
A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.
   
* caffeine:/etc/ssl/private/csclub-www-globalsign-wildcard.crt
+
* caffeine:/etc/ssl/private/csclub-wildcard.crt
 
* artificial-flavours:/etc/ssl/private/csclub-www-globalsign-wildcard.crt
 
* artificial-flavours:/etc/ssl/private/csclub-www-globalsign-wildcard.crt

Revision as of 16:47, 8 October 2013

GlobalSign

The CSC currently has an SSL Certificate from GlobalSign for *.csclub.uwaterloo.ca provided at no cost to us through IST. GlobalSign likes to take a long time to respond to certificate signing requests (CSR) for wildcard certs, so our CSR really needs to be handed off to IST at least 2 weeks in advance. Having an invalid cert for any length of time leads to terrible breakage, followed by terrible workarounds and prolonged problems.

JBROMAN WILL EXPAND THIS

Certificate Location

Keep a copy of newly generated certificates in /home/sysadmin/certs on the NFS server (currently aspartame).

A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.

  • caffeine:/etc/ssl/private/csclub-wildcard.crt
  • artificial-flavours:/etc/ssl/private/csclub-www-globalsign-wildcard.crt