From CSCWiki
Revision as of 17:16, 8 October 2013 by Jbroman (talk | contribs)
Jump to navigation Jump to search


The CSC currently has an SSL Certificate from GlobalSign for * provided at no cost to us through IST. GlobalSign likes to take a long time to respond to certificate signing requests (CSR) for wildcard certs, so our CSR really needs to be handed off to IST at least 2 weeks in advance. Having an invalid cert for any length of time leads to terrible breakage, followed by terrible workarounds and prolonged problems.


Certificate Location

Keep a copy of newly generated certificates in /home/sysadmin/certs on the NFS server (currently aspartame).

A list of places you'll need to put the new certificate to keep our services running. Private key (if applicable) should be kept next to the certificate with the extension .key.

  • caffeine:/etc/ssl/private/csclub-wildcard.crt (for Apache)
  • mail:/etc/ssl/private/csclub-wildcard.crt (for Apache, Postfix and Dovecot)
  • auth1:/etc/ssl/private/csclub-wildcard.crt (for slapd)
  • artificial-flavours:/etc/ssl/private/csclub-wildcard.crt (for Apache and slapd)