| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| wiki:tech:certs [2023/04/26 10:28] – [GeoTrust Certificates] surfrock66 | wiki:tech:certs [2024/04/25 13:11] (current) – surfrock66 |
|---|
| [[wiki:tech|Back to Tech Documentation]] | [[wiki:tech|Back to Tech Documentation]] |
| | ---- |
| ===== GeoTrust Certificates ===== | ===== GeoTrust Certificates ===== |
| |
| We have a wildcard certificate for *.surfrock66.com which is used on the actual PlusPlus Hosted www.surfrock66.com site, and is used in the house on any services which are accessible at *.surfrock66.com. Each year, we must purchase it as an add-on to the business hosted package ($140/year), then submit a ticket to PlusPlus Hosting for them to provide a copy of the certificate as a .crt and the key as a .key. They will attach it to the ticket, then after you download it, remove it. | We have a wildcard certificate for *.surfrock66.com which is used on the actual PlusPlus Hosted www.surfrock66.com site, and is used in the house on any services which are accessible at *.surfrock66.com. Each year, we must purchase it as an add-on to the business hosted package ($140/year), then submit a ticket to PlusPlus Hosting for them to provide a copy of the certificate as a .crt and the key as a .key. They will attach it to the ticket, then after you download it, remove it. |
| |
| We download the files to [[wiki:inventories:tech:systems:sr66-hda|sr66-hda]] at /home/surfrock66/Projects/SSL with the name "wildcard.surfrock66.com.YYYY.EXT" with YYYY as the current year, and EXT as the file extension. | We download the files to [[wiki:inventories:tech:systems:sr66-web-01|sr66-web-01]] at /home/surfrock66/Projects/SSL with the name "wildcard.surfrock66.com.YYYY.EXT" with YYYY as the current year, and EXT as the file extension. |
| |
| The .crt file needs to be copied to "/etc/ssl/certs/wildcard.surfrock66.com.crt" and the .key needs to be copied to "/etc/ssl/private/wildcard.surfrock66.com.key". This will apply to all apache sites, and apache needs to be restarted with "systemctl restart apache2". | The .crt file needs to be copied to "/etc/ssl/certs/wildcard.surfrock66.com.crt" and the .key needs to be copied to "/etc/ssl/private/wildcard.surfrock66.com.key". This will apply to all apache sites, and apache needs to be restarted with "systemctl restart apache2". Additionally, you will need the Intermediate certificate (formerly RapidSSL, now Digicert), which I place in /etc/ssl/certs/intermediate.surfrock66.crt. All of these certs in /etc/ssl/certs/ need to be owned by "root:ssl-certs" and must have 644 permissions, all the certs in /etc/ssl/private must be owned by "root:ssl-certs" and must have 640 permissions. |
| |
| Servers that have the wildcard cert and need to be updated when it is renewed: | Servers that have the wildcard cert and need to be updated when it is renewed: |
| * [[wiki:inventories:tech:systems:sr66-hda|sr66-hda]] | * [[wiki:inventories:tech:systems:sr66-web-01|sr66-web-01]] |
| * [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] | * [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] |
| |
| | On [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] the files that reference the cert: |
| | * /etc/asterisk/http.conf |
| | * /etc/asterisk/pjsip.conf |
| | * /etc/turnserver.conf |
| | |
| | ---- |
| [[wiki:tech|Back to Tech Documentation]] | [[wiki:tech|Back to Tech Documentation]] |
