Self-Signed SSL Certificate / Certbot: Difference between revisions
Jump to navigation
Jump to search
Jgutierrez6 (talk | contribs) No edit summary |
Jgutierrez6 (talk | contribs) |
||
| (9 intermediate revisions by the same user not shown) | |||
| Line 16: | Line 16: | ||
#*certbot delete --cert-name sample.docking.org | #*certbot delete --cert-name sample.docking.org | ||
== How To | == How To Get a UCSF SSL Cert and Replace LetsEncrypt Certs == | ||
# | # Create a CSR (Certificate Signing Request) | ||
# | #: <source>openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key</source> | ||
# File a SSL Ticket Request with UCSF IT [https://ucsf.service-now.com/ucsfit?id=ucsf_sc_cat_item&sys_id=cac85acc3999d1406052ed799408d656&sysparm_category=c76baa05a5d51100e2dca212349e2286 here]. | |||
# Create a directory to store the new Certificates | |||
# Download "Certificate Only" and "Certificate with chain" using wget '<link>' and store in the newly created directory. | |||
#Create a directory to store the Certificate | # Remove Let’s Encrypt Cert if it exists | ||
#Go to the <name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate | #:<source>certbot delete --cert-name domain.com</source> | ||
<source> | #Go to the /etc/httpd/conf.d/<name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate | ||
#:<source> | |||
SSLCertificateFile <new path> | SSLCertificateFile <new path> | ||
SSLCertificateKeyFile <new path> | SSLCertificateKeyFile <new path> | ||
SSLCertificateChainFile <new path> | SSLCertificateChainFile <new path> | ||
</source> | </source> | ||
== What Websites in which Machines Need UCSF Certs == | |||
Having and renewing these UCSF Certs for these specific websites keeps UCSF IT satisfied enough to not bother us. At some point, they will ask to replace all our website certificates. When that happens you can request for a Wildcard SSL Cert. As to how that cert gets implemented into Apache, I don't know. | |||
{| class="wikitable" | |||
|- | |||
! Website !! Machine | |||
|- | |||
| irwinlab1.ucsf.edu || files2 | |||
|- | |||
| irwinlab2.ucsf.edu || epyc | |||
|- | |||
| vav.compbio.ucsf.edu || vav | |||
|- | |||
|} | |||
Latest revision as of 20:22, 14 January 2025
Introduction
We self sign our SSL Certificates for our websites proxied at these machines:
- files2
- vav
- bksmailman
How To Self-Sign A Website(s)
Assuming that you are already running the software/app on httpd then we can begin.
- The command is:
certbot --apache <options>
- Usually, I just use the '-d' domain flag:
certbot --apache -d sample.docking.org
How To Remove SSL Cert From A Domain
- You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
- certbot delete --cert-name sample.docking.org
How To Get a UCSF SSL Cert and Replace LetsEncrypt Certs
- Create a CSR (Certificate Signing Request)
openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
- File a SSL Ticket Request with UCSF IT here.
- Create a directory to store the new Certificates
- Download "Certificate Only" and "Certificate with chain" using wget '<link>' and store in the newly created directory.
- Remove Let’s Encrypt Cert if it exists
certbot delete --cert-name domain.com
- Go to the /etc/httpd/conf.d/<name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate
SSLCertificateFile <new path> SSLCertificateKeyFile <new path> SSLCertificateChainFile <new path>
What Websites in which Machines Need UCSF Certs
Having and renewing these UCSF Certs for these specific websites keeps UCSF IT satisfied enough to not bother us. At some point, they will ask to replace all our website certificates. When that happens you can request for a Wildcard SSL Cert. As to how that cert gets implemented into Apache, I don't know.
| Website | Machine |
|---|---|
| irwinlab1.ucsf.edu | files2 |
| irwinlab2.ucsf.edu | epyc |
| vav.compbio.ucsf.edu | vav |