81
edits
Changes
Jump to navigation
Jump to search
Line 16:
Line 16: − + − + Line 44:
Line 44: − + − Extract these into folder named CERT (folder name is optional, does not have to be very specific).+ Line 54:
Line 54: − the dot at end of line is required+ − + − + − Now we need to move our files into the rightful locations. To do this, copy yourdomain.crt into /home/e-smith/ssl.crt/ and yourdomain.key into /home/e-smith/ssl.key/+ − Also, do copy gd_bundle.crt into /usr/share/ssl/certs/+ + + + + + + + + + + + + + + + + + + + Line 77:
Line 96: − +
Certificate Integration GoDaddy Certificate (view source)
Revision as of 00:34, 14 March 2016
, 00:34, 14 March 2016→Update SME Config: correct pathname for chainfile and key file name in show modSSL
Also, you need to have ready the information for your company or organization.
Also, you need to have ready the information for your company or organization.
* Common Name: The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
* Common Name: The fully-qualified domain name, or URL, you're securing. For a wildcard certificate, prefix the common name with an asterisk (*), for example "*.abcompany.com".
* Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
* Organization: The registered name for your business. If you purchased the certificate as an individual, enter the certificate requestor's name.
* Organization Unit: If applicable, enter the DBA (doing business as) name.
* Organization Unit: If applicable, enter the DBA (doing business as) name.
* City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
* City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
====Configure SME====
====Configure SME====
Save the zip file to the desktop, or anywhere you can easily trace it when you get back to the commandline shell. The download will include 2 files: gd_bundle.crt and yourdomain.crt.
Save the zip file to the desktop, or anywhere you can easily trace it when you get back to the commandline shell. The download will include 2 files. The GoDaddy "bundle crt", e.g. gd_bundle.crt or gd_bundle-g2-g1.crt, and a new crt file for your domain. As of March 2014 the domain crt file name is a alphanumeric string.
Extract these into folder named CERT (folder name is optional, does not have to be very specific).
Copy (or move, although i prefer to keep a copy elsewhere) these 2 files to the location on the server where the yourdomain.key and yourdomain.csr files are already located. In my case:
Copy (or move, although i prefer to keep a copy elsewhere) these 2 files to the location on the server where the yourdomain.key and yourdomain.csr files are already located. In my case:
scp user@machinewithgui:/home/user/Desktop/CERT/* .
scp user@machinewithgui:/home/user/Desktop/CERT/* .
The dot at end of line is required for scp.
Optional: Use scp or putty or any client to drop a copy of the files created by the open ssl command, into the CERT folder on the machien with GUI.
Optional: Use scp or putty or any client to drop a copy of the files created by the open ssl command, into the CERT folder on the machine with GUI.
This will ensure that you have 4 new files in each of the 2 locations. the 4 files should be:
This will ensure that you have 4 new files in each of the 2 locations. The 4 files should be:
yourdomain.key, yourdomain.csr, yourdomain.crt, gd_bundle.crt.
yourdomain.key, yourdomain.csr, yourdomain.crt, gd_bundle.crt.
=====Update SME Config=====
Now we need to move our files into the correct folder locations.
# Copy the file yourdomain.crt into the folder /home/e-smith/ssl.crt/
# Copy the file gd_bundle.crt into the folder /home/e-smith/ssl.crt/
# Copy the file yourdomain.key into the folder /home/e-smith/ssl.key/
As an aside, on SME 7 you may need to copy gd_bundle.crt into /usr/share/ssl/certs/
The SME Server now needs to be told about your new certificate, and the key that was used to generate it. To do this, run these commands:
The SME Server now needs to be told about your new certificate, and the key that was used to generate it. To do this, run these commands:
config setprop modSSL crt /home/e-smith/ssl.crt/yourdomain.crt
config setprop modSSL crt /home/e-smith/ssl.crt/yourdomain.crt
config setprop modSSL CertificateChainFile /home/e-smith/ssl.chainfile/gd_bundle.crt
config setprop modSSL key /home/e-smith/ssl.key/yourdomain.key
config setprop modSSL key /home/e-smith/ssl.key/yourdomain.key
Verify that all is set correctly with the config show command.
config show modSSL;
modSSL=service
CertificateChainFile=/home/e-smith/ssl.chainfile/gd_bundle-g2-g1.crt
CommonName=*.abcompany.com
TCPPort=443
access=public
crt=/home/e-smith/ssl.crt/27dd606e9133e8.crt
key=/home/e-smith/ssl.key/yourdomain.key
status=enabled
Be sure to delete the existing PEM file, as a new one will be created anyway. Run this command:
Be sure to delete the existing PEM file, as a new one will be created anyway. Run this command:
Finally, run this command:
Finally, run this command:
signal-event post-upgrade; singal-event reboot
signal-event post-upgrade; signal-event reboot