Commit faca98f4 authored by Gallenkamp, Fabian

minor corrections

parent 7c3f2230
......@@ -3,33 +3,26 @@
## preparation
### request certificate (PKCS#10 method)
1. Create empty folder ``mkdir /opt/otree/temp`` and switch into ``cd /opt/otree/temp``
2. Adapt your config file ``request.conf``.
3. Generate encrypted private key and certificate request file with ``openssl req -config request.conf -newkey rsa:2048 -sha256 -outform PEM -out certrequest.pem`` from config file.
4. Verify your ``certrequest.pem`` with ``openssl req -in certrequest.pem -text``
5. Make a request with the certificate request file at your responsible office.
6. Unencrypt your private key with: ``openssl rsa -in domain.key.pem.enc -out domain.key.pem``.
7. Move your unencrypted private key file with ``sudo mv /opt/otree/temp/private-key.pem /etc/ssl/private/domain.key.pem.enc``. (Note: Verify permissions! 0600)
8. Upload the obtained certificate and the certificate chain onto your server into ``/opt/otree/temp`` and append the chain (PA-Cert) to the certificate with ``cat pa-chain.pem >> cert-myserver.pem``.
9. Lastly move the certificate to the correct location: ``sudo mv /opt/tree/temp/cert-myserver.pem /etc/ssl/certs/domain.crt.pem`` (Note: Verify permissions! 0644)
### place ssl/tls certificate and key-file (unfortunately not scriptable due to security best-practices)
1. Use ``scp mycert.crt user@host:/home/user/`` and ``scp mycert.key user@host:/home/user/`` or use [WinSCP](https://de.wikipedia.org/wiki/WinSCP) to copy over the certificate files.
2. Establish a ssh connection onto your server.
3. Then move the certificate files into place:
``sudo mv /home/user/mycert.crt /etc/ssl/certs/``
``sudo mv /home/user/mycert.key /etc/ssl/private/``
1. Establish a ssh connection onto your server.
4. And set the permissions correctly:
2. Create empty folder ``mkdir /opt/otree/temp`` and switch into ``cd /opt/otree/temp``
3. Adapt your config file ``request.conf``.
4. Generate encrypted private key and certificate request file with ``openssl req -config request.conf -newkey rsa:2048 -sha256 -outform PEM -out certrequest.pem`` from config file.
5. Verify your ``certrequest.pem`` with ``openssl req -in certrequest.pem -text``
6. Make a request with the certificate request file at your responsible office.
7. Unencrypt your private key with: ``openssl rsa -in domain.key.pem.enc -out domain.key.pem``.
8. Move your unencrypted private key file with ``sudo mv /opt/otree/temp/private-key.pem /etc/ssl/private/domain.key.pem.enc``. (Note: Verify permissions! 0600)
9. Upload the obtained certificate and the certificate chain onto your server into ``/opt/otree/temp`` and append the chain (PA-Cert) to the certificate with ``cat pa-chain.pem >> cert-myserver.pem``.
10. Lastly move the certificate to the correct location: ``sudo mv /opt/tree/temp/cert-myserver.pem /etc/ssl/certs/domain.crt.pem`` (Note: Verify permissions! 0644)
11. And set the permissions correctly:
``sudo chown root:root /etc/ssl/certs/mycert.crt /etc/ssl/private/mycert.key``
``sudo chown root:root /etc/ssl/certs/domain.crt.pem /etc/ssl/private/domain.key.pem``
``sudo chmod 644 /etc/ssl/certs/mycert.crt``
``sudo chmod 644 /etc/ssl/certs/domain.crt.pem``
``sudo chmod 600 /etc/ssl/private/mycert.key``
``sudo chmod 600 /etc/ssl/private/domain.key.pem``
Note: Use ``scp mycert.crt user@host:/home/user/`` and ``scp mycert.key user@host:/home/user/`` or use [WinSCP](https://de.wikipedia.org/wiki/WinSCP) to copy over the certificate files.
### install ansible and clone this project on your server
1. Establish a ssh connection onto your server.
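Review bot: The private key's file name is inconsistent across steps 7, 8 and 11 of the renumbered list, so the final `chown`/`chmod` targets a file that none of the steps creates. Step 7 writes the decrypted key to `domain.key.pem`, step 8 then moves `/opt/otree/temp/private-key.pem` to `/etc/ssl/private/domain.key.pem.enc` (a decrypted key stored under an `.enc` name), and step 11 sets 600 on `/etc/ssl/private/domain.key.pem`. Suggest one name throughout, e.g. step 8 as `sudo mv /opt/otree/temp/domain.key.pem /etc/ssl/private/domain.key.pem`. Step 10 also reads `/opt/tree/temp/` where every other step uses `/opt/otree/temp/`, so that `mv` fails as written. The trailing note still refers to `mycert.crt` and `mycert.key` while the steps now use the `domain.*` names, and the encrypted `domain.key.pem.enc` stays behind in `/opt/otree/temp`; a cleanup step for that folder would be worth adding.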
......