wiki:tech:certs [2023/04/26 13:01] – [GeoTrust Certificates] surfrock66 | wiki:tech:certs [2024/04/25 13:11] (current) – surfrock66 |
---|
[[wiki:tech|Back to Tech Documentation]] | [[wiki:tech|Back to Tech Documentation]] |
| ---- |
===== GeoTrust Certificates ===== | ===== GeoTrust Certificates ===== |
| |
We have a wildcard certificate for *.surfrock66.com which is used on the actual PlusPlus Hosted www.surfrock66.com site, and is used in the house on any services which are accessible at *.surfrock66.com. Each year, we must purchase it as an add-on to the business hosted package ($140/year), then submit a ticket to PlusPlus Hosting for them to provide a copy of the certificate as a .crt and the key as a .key. They will attach it to the ticket, then after you download it, remove it. | We have a wildcard certificate for *.surfrock66.com which is used on the actual PlusPlus Hosted www.surfrock66.com site, and is used in the house on any services which are accessible at *.surfrock66.com. Each year, we must purchase it as an add-on to the business hosted package ($140/year), then submit a ticket to PlusPlus Hosting for them to provide a copy of the certificate as a .crt and the key as a .key. They will attach it to the ticket, then after you download it, remove it. |
| |
We download the files to [[wiki:inventories:tech:systems:sr66-hda|sr66-hda]] at /home/surfrock66/Projects/SSL with the name "wildcard.surfrock66.com.YYYY.EXT" with YYYY as the current year, and EXT as the file extension. | We download the files to [[wiki:inventories:tech:systems:sr66-web-01|sr66-web-01]] at /home/surfrock66/Projects/SSL with the name "wildcard.surfrock66.com.YYYY.EXT" with YYYY as the current year, and EXT as the file extension. |
| |
The .crt file needs to be copied to "/etc/ssl/certs/wildcard.surfrock66.com.crt" and the .key needs to be copied to "/etc/ssl/private/wildcard.surfrock66.com.key". This will apply to all apache sites, and apache needs to be restarted with "systemctl restart apache2". Additionally, you will need the RapidSSL Intermediate certificate, which I place in /etc/ssl/certs/RapidSSL.Intermediate.crt. All of these certs in /etc/ssl/certs/ need to be owned by "root:ssl-certs" and must have 644 permissions, all the certs in /etc/ssl/private must be owned by "root:ssl-certs" and must have 640 permissions. | The .crt file needs to be copied to "/etc/ssl/certs/wildcard.surfrock66.com.crt" and the .key needs to be copied to "/etc/ssl/private/wildcard.surfrock66.com.key". This will apply to all apache sites, and apache needs to be restarted with "systemctl restart apache2". Additionally, you will need the Intermediate certificate (formerly RapidSSL, now Digicert), which I place in /etc/ssl/certs/intermediate.surfrock66.crt. All of these certs in /etc/ssl/certs/ need to be owned by "root:ssl-certs" and must have 644 permissions, all the certs in /etc/ssl/private must be owned by "root:ssl-certs" and must have 640 permissions. |
| |
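Review bot: In the paragraph that moves the intermediate certificate to /etc/ssl/certs/intermediate.surfrock66.crt, nothing says that configurations still pointing at the old /etc/ssl/certs/RapidSSL.Intermediate.crt path must be updated, or whether the old file should be removed. Suggest adding a sentence naming where the intermediate is referenced, plus a step to confirm the new .crt and .key belong together before running "systemctl restart apache2", since the text notes the pair applies to all apache sites and a bad pair would affect all of them at once.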
Servers that have the wildcard cert and need to be updated when it is renewed: | Servers that have the wildcard cert and need to be updated when it is renewed: |
* [[wiki:inventories:tech:systems:sr66-hda|sr66-hda]] | * [[wiki:inventories:tech:systems:sr66-web-01|sr66-web-01]] |
* [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] | * [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] |
| |
| On [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] the files that reference the cert: |
| * /etc/asterisk/http.conf |
| * /etc/asterisk/pjsip.conf |
| * /etc/turnserver.conf |
| |
| ---- |
[[wiki:tech|Back to Tech Documentation]] | [[wiki:tech|Back to Tech Documentation]] |
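Review bot: The new list of files on sr66-ast-01 (/etc/asterisk/http.conf, /etc/asterisk/pjsip.conf, /etc/turnserver.conf) says where the cert is referenced but, unlike the apache paragraph, gives no reload or restart step for those services after the files are replaced. Suggest adding the commands used on that host, and stating whether the accounts those services run as belong to the group named in the "root:ssl-certs" ownership, so that the 640 permission on the key in /etc/ssl/private does not get loosened just to make it readable.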