Self-Signed SSL Certificate / Certbot: Difference between revisions
Jump to navigation
Jump to search
Jgutierrez6 (talk | contribs) |
Jgutierrez6 (talk | contribs) |
||
| Line 16: | Line 16: | ||
#*certbot delete --cert-name sample.docking.org | #*certbot delete --cert-name sample.docking.org | ||
== How To | == How To Get a UCSF SSL Cert and Replace LetsEncrypt Certs == | ||
#File | # File a SSL Ticket Request with UCSF IT [https://ucsf.service-now.com/ucsfit?id=ucsf_sc_cat_item&sys_id=cac85acc3999d1406052ed799408d656&sysparm_category=c76baa05a5d51100e2dca212349e2286 here]. | ||
#Download their Certificates using wget '<link>' | #* Create a CSR | ||
#Remove Let’s Encrypt Cert | #: <source>openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key</source> | ||
# Create a directory to store the Certificate | |||
# Download their Certificates using wget '<link>' and store in that directory | |||
# Remove Let’s Encrypt Cert if it exists | |||
#*<source>certbot delete --cert-name domain.com</source> | #*<source>certbot delete --cert-name domain.com</source> | ||
#Go to the /etc/httpd/conf.d/<name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate | |||
#Go to the <name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate | |||
<source> | <source> | ||
SSLCertificateFile <new path> | SSLCertificateFile <new path> | ||
Revision as of 02:32, 7 January 2025
Introduction
We self sign our SSL Certificates for our websites proxied at these machines:
- files2
- vav
- bksmailman
How To Self-Sign A Website(s)
Assuming that you are already running the software/app on httpd then we can begin.
- The command is:
certbot --apache <options>
- Usually, I just use the '-d' domain flag:
certbot --apache -d sample.docking.org
How To Remove SSL Cert From A Domain
- You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
- certbot delete --cert-name sample.docking.org
How To Get a UCSF SSL Cert and Replace LetsEncrypt Certs
- File a SSL Ticket Request with UCSF IT here.
- Create a CSR
openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
- Create a directory to store the Certificate
- Download their Certificates using wget '<link>' and store in that directory
- Remove Let’s Encrypt Cert if it exists
certbot delete --cert-name domain.com
- Go to the /etc/httpd/conf.d/<name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate
SSLCertificateFile <new path>
SSLCertificateKeyFile <new path>
SSLCertificateChainFile <new path>