Self-Signed SSL Certificate / Certbot

From DISI
Jump to navigation Jump to search

Introduction

We self sign our SSL Certificates for our websites proxied at these machines:

  • files2
  • vav
  • bksmailman

How To Self-Sign A Website(s)

Assuming that you are already running the software/app on httpd then we can begin.

  1. The command is: 
    • certbot --apache <options>
  2. Usually, I just use the '-d' domain flag: 
    • certbot --apache -d sample.docking.org

How To Remove SSL Cert From A Domain

  1. You should only do this if UCSF IT gave you an SSL Cert to use or you are migrating a domain name to another site.
    • certbot delete --cert-name sample.docking.org

How To Get a UCSF SSL Cert and Replace LetsEncrypt Certs

  1. File a SSL Ticket Request with UCSF IT here.
    • Create a CSR
    openssl req -new -newkey rsa:2048 -nodes -out servername.csr -keyout servername.key
  2. Create a directory to store the Certificate
  3. Download their Certificates using wget '<link>' and store in that directory
  4. Remove Let’s Encrypt Cert if it exists 
    • certbot delete --cert-name domain.com
  5. Go to the /etc/httpd/conf.d/<name>-le-ssl.conf of the site and at the bottom replace these with the path of where you put the Certificate
SSLCertificateFile <new path>
SSLCertificateKeyFile <new path>
SSLCertificateChainFile <new path>
Retrieved from "http://wiki.docking.org/index.php?title=Self-Signed_SSL_Certificate_/_Certbot&oldid=16497"