aoe:digitalcertificates
- Luke has a script
/home/sysadmin/certs/requests/generate.sh
To use it, add the name www.aoe.vt.edu or mail.aoe.vt.edu as an argument
./generate.sh mail.aoe.vt.edu
Answer the questions with the defaults, except the last question does not have the answer. It is either
www.aoe.vt.edu mail.aoe.vt.edu
To examine the request
openssl req -text -noout -in bacchus.aoe.vt.edu_2011-03-21_web_req.csr
Submit the CSR's (which are the .pem files??) on
http://www.pki.vt.edu/subscriber/ssl_certificate.html
there's a link on it for the form.
Fax a form
Get the certificates
copy the certs and keys to the proper locations as indicated in the conf files.
mail server
/etc/mail/cert
defined in:
/etc/mail/sendmail.mc define(`CERT_DIR',`/etc/mail/certs') define(`confCACERT_PATH',`CERT_DIR') define(`confCACERT',`CERT_DIR/cacert.pem') define(`confSERVER_CERT',`CERT_DIR/cert.pem') define(`confSERVER_KEY',`CERT_DIR/key.pem') define(`confCLIENT_CERT',`CERT_DIR/cert.pem') define(`confCLIENT_KEY',`CERT_DIR/key.pem')
Web Server
/etc/httpd/conf/ssl.key/ /etc/httpd/conf/ssl.crt/
defined in:
/etc/httpd/conf.d/ssl.conf SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.aoe.vt.edu_2005-12-14_web_key.pem SSLCertificateFile /etc/httpd/conf/ssl.crt/www.aoe.vt.edu_2005-12-14_web.cer SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.c
Restart httpd
service httpd restart
It will complain if the files are not found!
aoe/digitalcertificates.txt · Last modified: 1970/01/18 07:09 by 127.0.0.1