-
Notifications
You must be signed in to change notification settings - Fork 3
SSL Certificate Renewal
Siqi Tian edited this page Feb 5, 2017
·
2 revisions
The SSL Certificate are applied or renewed at University IT. A copy of it is in the inbox of daslab Gmail account. They are stored at /home/ubuntu/.ssl_cert/
on the server.
- The final version used by
aws iam
isdaslab_stanford_edu.key
(Private Key),daslab_stanford_edu.crt
(Public Key), anddaslab_stanford_edu.ca-bundle
(Chain Certificates). Details of Apache settings is at/etc/apache2/sites-enabled/000-default.conf
. - The Private Key is self-signed. The original file is at
/home/ubuntu/.ssl_cert/cert_self_sign/daslab_self_sign.key
. - The Public Key is signed by InCommons. The original file is at
/home/ubuntu/.ssl_cert/cert_InCommon/X509CO.cer
. - The Chain Certificates is a concatenated version of
/home/ubuntu/.ssl_cert/cert_InCommon/X509IO.cer
and/home/ubuntu/.ssl_cert/cert_InCommon/X509CO.cer
. It has 4 components in order:Root_AddTrustExternalCA.crt
,Intermediate_1_USERTrustRSAAddTrust.crt
,Intermediate_2_InCommonRSAServerCA.crt
, andPrimary_daslab_stanford.crt
; which can be found in/home/ubuntu/.ssl_cert/cert_InCommon/parsed/
. - The renew code is present both in the original email and
/home/ubuntu/.ssl_cert/cert_info.txt
.
New Admin Setup
Admin Responsibility
Server Environment
Overview
Linux
Python