Changes between Version 2 and Version 3 of SSL Certificate Management


Timestamp:
01/12/08 04:50:01 (18 years ago)
Author:
secrest@…
Comment:

--

  • SSL Certificate Management

    v2 v3  
    103103
    104104To sign a Certificate Signing Request, you need to gather the Certificate Signing Request file (mail.astro.columbia.edu.csr), the [wiki:"CAL Certificate Authority" CA Certificate] file (CAL-CA_root_cert.crt, which can be found in /usr/share/ca-certificates/cal/CAL-CA_root_cert.crt on any CW) and the CA Certificate key file (cacert.key) and its passphrase.  Switch into some working directory and place all those files there.  Then run the following commands:
    105 {{{mkdir demoCA
     105{{{
     106mkdir demoCA
    106107touch demoCA/index.txt
    107108echo "07" > demoCA/serial
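Review bot: The unchanged instruction at line 104 has the reader copy the CA key file (cacert.key) into "some working directory", and none of the visible steps restricts that directory's permissions or removes the key copy once signing is done. Suggest adding a sentence saying the working directory should be readable only by the operator and that the copied cacert.key should be deleted afterwards. The fence fix itself (moving mkdir demoCA onto its own line after {{{) looks right. Separately, echo "07" > demoCA/serial hard-codes the serial value; wording it as "the next unused serial number" would keep the step from being pasted verbatim for a later certificate.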
     
    121122}}}
    122123That will create your new certificate, mail.astro.columbia.edu-cert.pem, good for one year, which you can install according to the directions in the Installing the Certificate section.
     124
     125=== Certificates Certified by the CAL CA ===
     126
     127==== terra.astro.columbia.edu ====
     128
     129This certificate is used for TLS connections to the LDAP server.
     130{{{
     131Server: terra
     132Path to Certificate: /etc/ldap/slapd.cert
     133Path to Key File: /etc/ldap/slapd.key
     134Valid: 1/16/2007 21:21:35 GMT - 1/16/2008 21:21:35 GMT
     135Serial Number: 0B
     136Subject: DC=edu, DC=columbia, DC=astro, OU=services, CN=terra.astro.columbia.edu
     137}}}
     138
     139==== mars.astro.columbia.edu ====
     140
     141This certificate is used for TLS connections to the LDAP server.
     142{{{
     143Server: mars
     144Path to Certificate: /etc/ldap/slapd.cert
     145Path to Key File: /etc/ldap/slapd.key
     146Valid: 1/10/2007 03:00:24 GMT - 1/10/2008 03:00:24 GMT
     147Serial Number: 09
     148Subject: DC=edu, DC=columbia, DC=astro, OU=services, CN=mars.astro.columbia.edu
     149}}}
     150
     151==== mail.astro.columbia.edu ====
     152
     153This certificate is used for SSL/TLS connections to the mail server and HTTPS connections to webmail.
     154{{{
     155Server: sedna
     156Path to Certificate: /etc/ssl/certs/mail.astro.columbia.edu-cert.pem
     157Path to Key File: /etc/ssl/private/mail.astro.columbia.edu.pem
     158Valid: 7/11/2007 21:58:02 GMT - 7/10/2008 21:58:02 GMT
     159Serial Number: 07
     160Subject: C=US, ST=New York, O=Columbia University Astrophysics Laboratory, OU=services, CN=mail.astro.columbia.edu, E=security@astro.columbia.edu
     161}}}
     162
     163==== docs.astro.columbia.edu ====
     164
     165This certificate is used for HTTPS connections to the wiki.
     166{{{
     167Server: uranus
     168Path to Certificate: /etc/ssl/certs/docs.astro.columbia.edu-cert.pem
     169Path to Key File: /etc/ssl/private/docs.astro.columbia.edu.pem
     170Valid: 12/28/2006 19:52:26 GMT - 12/28/2007 19:52:26 GMT
     171Serial Number: 08
     172Subject: DC=edu, DC=columbia, DC=astro, OU=services, CN=docs.astro.columbia.edu
     173}}}
     174
     175==== bee.astro.columbia.edu ====
     176
     177This certificate is used for HTTPS connections to the printer bee.
     178{{{
     179Server: bee
     180Valid: 1/17/07 20:53:47 GMT - 1/17/08 20:53:47 GMT
     181Serial Number: 0C
     182Subject: CN=bee.astro.columbia.edu, L=New York, ST=New York, C=us, O=Columbia University, OU=0017088B3F32, OU=J7949E, OU=Astrophysics Laboratory
     183}}}
     184
     185==== cricket.astro.columbia.edu ====
     186
     187This certificate is used for HTTPS connections to the printer cricket.
     188{{{
     189Server: cricket
     190Valid: 8/17/2006 18:26:46 GMT - 8/17/2007 18:26:46 GMT
     191Serial Number: 07
     192Subject: CN=cricket.astro.columbia.edu, L=New York, ST=New York, C=US, O=Columbia University, OU=001438DB599E, OU=J7949E, OU=Astrophysics Laboratory
     193}}}
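Review bot: Two entries in the new inventory list the same serial number: mail.astro.columbia.edu (line 159) and cricket.astro.columbia.edu (line 191) both show Serial Number: 07, which is also the value the signing procedure writes to demoCA/serial. Serial numbers need to be unique per issuing CA, since revocation identifies a certificate by issuer and serial, so please check both values against the installed certificates and record the collision here if it is real. In addition, the Valid ranges for cricket (ends 8/17/2007), docs (ends 12/28/2007) and mars (ends 1/10/2008) had already ended at this revision's timestamp; marking those entries as expired or pending renewal would make the list usable as a renewal tracker.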