Skip to content
Snippets Groups Projects
Commit d11e647a authored by Gallenkamp, Fabian's avatar Gallenkamp, Fabian
Browse files

guide for PKCS#10 method

parent c1bcf75f
No related branches found
No related tags found
No related merge requests found
......@@ -2,6 +2,17 @@
## preparation
### request certificate (PKCS#10 method)
1. Create empty folder ``mkdir /opt/otree/temp`` and switch into ``cd /opt/otree/temp``
2. Adapt your config file ``request.conf``.
3. Generate encrypted private key and certificate request file with ``openssl req -config request.conf -newkey rsa:2048 -sha256 -outform PEM -out certrequest.pem`` from config file.
4. Verify your ``certrequest.pem`` with ``openssl req -in certrequest.pem -text``
5. Make a request with the certificate request file at your responsible office.
6. Unencrypt your private key with: ``openssl rsa -in domain.key.pem.enc -out domain.key.pem``.
7. Move your unencrypted private key file with ``sudo mv /opt/otree/temp/private-key.pem /etc/ssh/private/domain.key.pem.enc``. (Note: Verify permissions! 0600)
8. Upload the obtained certificate and the certificate chain onto your server into ``/opt/otree/temp`` and append the chain (PA-Cert) to the certificate with ``cat pa-chain.pem >> cert-myserver.pem``.
9. Lastly move the certificate to the correct location: ``sudo mv /opt/tree/temp/cert-myserver.pem /etc/ssh/certs/domain.crt.pem`` (Note: Verify permissions! 0644)
### place ssl/tls certificate and key-file (unfortunately not scriptable due to security best-practices)
1. Use ``scp mycert.crt user@host:/home/user/`` and ``scp mycert.key user@host:/home/user/`` or use [WinSCP](https://de.wikipedia.org/wiki/WinSCP) to copy over the certificate files.
2. Establish a ssh connection onto your server.
......@@ -82,14 +93,10 @@ otree_users:
And now run the playbook.
## change the configuration
1. Adapt your inventory-config again with ``nano ~/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
## setup ssh keys
1. Generate a public-private key pair in the ansible project ``keys/<otree_instance_name>/`` with ``ssh-keygen -f id -t ed25519 -N '' -a 100``
2. Upload public key in your git provider (GitLab: User Settings->SSH Keys) and make sure you have access to the specified project in ``app_repo``
1. Adapt your inventory-config again with ``nano /opt/otree/otree-ansible/group_vars/otree_servers.yml`` and run the playbook.
## run the playbook
1. Change directory: ``cd ~/otree-ansible/``
1. Change directory: ``cd /opt/otree/otree-ansible/``
2. Run: ``ansible-playbook site.yml``
## FAQ
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment