| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| wiki:tech:certs [2024/01/16 09:29] – [GeoTrust Certificates] surfrock66 | wiki:tech:certs [2024/04/25 13:11] (current) – surfrock66 |
|---|
| [[wiki:tech|Back to Tech Documentation]] | [[wiki:tech|Back to Tech Documentation]] |
| | ---- |
| ===== GeoTrust Certificates ===== | ===== GeoTrust Certificates ===== |
| |
| We download the files to [[wiki:inventories:tech:systems:sr66-web-01|sr66-web-01]] at /home/surfrock66/Projects/SSL with the name "wildcard.surfrock66.com.YYYY.EXT" with YYYY as the current year, and EXT as the file extension. | We download the files to [[wiki:inventories:tech:systems:sr66-web-01|sr66-web-01]] at /home/surfrock66/Projects/SSL with the name "wildcard.surfrock66.com.YYYY.EXT" with YYYY as the current year, and EXT as the file extension. |
| |
| The .crt file needs to be copied to "/etc/ssl/certs/wildcard.surfrock66.com.crt" and the .key needs to be copied to "/etc/ssl/private/wildcard.surfrock66.com.key". This will apply to all apache sites, and apache needs to be restarted with "systemctl restart apache2". Additionally, you will need the RapidSSL Intermediate certificate, which I place in /etc/ssl/certs/RapidSSL.Intermediate.crt. All of these certs in /etc/ssl/certs/ need to be owned by "root:ssl-certs" and must have 644 permissions, all the certs in /etc/ssl/private must be owned by "root:ssl-certs" and must have 640 permissions. | The .crt file needs to be copied to "/etc/ssl/certs/wildcard.surfrock66.com.crt" and the .key needs to be copied to "/etc/ssl/private/wildcard.surfrock66.com.key". This will apply to all apache sites, and apache needs to be restarted with "systemctl restart apache2". Additionally, you will need the Intermediate certificate (formerly RapidSSL, now Digicert), which I place in /etc/ssl/certs/intermediate.surfrock66.crt. All of these certs in /etc/ssl/certs/ need to be owned by "root:ssl-certs" and must have 644 permissions, all the certs in /etc/ssl/private must be owned by "root:ssl-certs" and must have 640 permissions. |
| |
| Servers that have the wildcard cert and need to be updated when it is renewed: | Servers that have the wildcard cert and need to be updated when it is renewed: |
| * [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] | * [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] |
| |
| | On [[wiki:inventories:tech:systems:sr66-ast-01|sr66-ast-01]] the files that reference the cert: |
| | * /etc/asterisk/http.conf |
| | * /etc/asterisk/pjsip.conf |
| | * /etc/turnserver.conf |
| | |
| | ---- |
| [[wiki:tech|Back to Tech Documentation]] | [[wiki:tech|Back to Tech Documentation]] |
