Line 16: |
Line 16: |
| | | |
| Also, you need to have ready the information for your company or organization. | | Also, you need to have ready the information for your company or organization. |
− | * Common Name: The fully-qualified domain name, or URL, you're securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com. | + | * Common Name: The fully-qualified domain name, or URL, you're securing. For a wildcard certificate, prefix the common name with an asterisk (*), for example "*.abcompany.com". |
− | * Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name. | + | * Organization: The registered name for your business. If you purchased the certificate as an individual, enter the certificate requestor's name. |
| * Organization Unit: If applicable, enter the DBA (doing business as) name. | | * Organization Unit: If applicable, enter the DBA (doing business as) name. |
| * City or Locality: Name of the city where your organization is registered/located. Do not abbreviate. | | * City or Locality: Name of the city where your organization is registered/located. Do not abbreviate. |
Line 44: |
Line 44: |
| | | |
| ====Configure SME==== | | ====Configure SME==== |
− | Save the zip file to the desktop, or anywhere you can easily trace it when you get back to the commandline shell. The download will include 2 files: gd_bundle.crt and yourdomain.crt. | + | Save the zip file to the desktop, or anywhere you can easily trace it when you get back to the commandline shell. The download will include 2 files. The GoDaddy "bundle crt", e.g. gd_bundle.crt or gd_bundle-g2-g1.crt, and a new crt file for your domain. As of March 2014 the domain crt file name is a alphanumeric string. |
| | | |
− | Extract these into folder named CERT (folder name is optional, does not have to be very specific).
| + | Extract these into folder named CERT (folder name is optional, does not have to be very specific). |
| | | |
| Copy (or move, although i prefer to keep a copy elsewhere) these 2 files to the location on the server where the yourdomain.key and yourdomain.csr files are already located. In my case: | | Copy (or move, although i prefer to keep a copy elsewhere) these 2 files to the location on the server where the yourdomain.key and yourdomain.csr files are already located. In my case: |
Line 54: |
Line 54: |
| scp user@machinewithgui:/home/user/Desktop/CERT/* . | | scp user@machinewithgui:/home/user/Desktop/CERT/* . |
| | | |
− | the dot at end of line is required
| + | The dot at end of line is required for scp. |
| | | |
− | Optional: Use scp or putty or any client to drop a copy of the files created by the open ssl command, into the CERT folder on the machien with GUI. | + | Optional: Use scp or putty or any client to drop a copy of the files created by the open ssl command, into the CERT folder on the machine with GUI. |
| | | |
− | This will ensure that you have 4 new files in each of the 2 locations. the 4 files should be: | + | This will ensure that you have 4 new files in each of the 2 locations. The 4 files should be: |
| | | |
| yourdomain.key, yourdomain.csr, yourdomain.crt, gd_bundle.crt. | | yourdomain.key, yourdomain.csr, yourdomain.crt, gd_bundle.crt. |
| | | |
− | Now we need to move our files into the rightful locations. To do this, copy yourdomain.crt into /home/e-smith/ssl.crt/ and yourdomain.key into /home/e-smith/ssl.key/
| + | =====Update SME Config===== |
| | | |
− | Also, do copy gd_bundle.crt into /usr/share/ssl/certs/
| + | Now we need to move our files into the correct folder locations. |
| + | # Copy the file yourdomain.crt into the folder /home/e-smith/ssl.crt/ |
| + | # Copy the file gd_bundle.crt into the folder /home/e-smith/ssl.crt/ |
| + | # Copy the file yourdomain.key into the folder /home/e-smith/ssl.key/ |
| + | |
| + | As an aside, on SME 7 you may need to copy gd_bundle.crt into /usr/share/ssl/certs/ |
| | | |
| The SME Server now needs to be told about your new certificate, and the key that was used to generate it. To do this, run these commands: | | The SME Server now needs to be told about your new certificate, and the key that was used to generate it. To do this, run these commands: |
| | | |
| config setprop modSSL crt /home/e-smith/ssl.crt/yourdomain.crt | | config setprop modSSL crt /home/e-smith/ssl.crt/yourdomain.crt |
| + | config setprop modSSL CertificateChainFile /home/e-smith/ssl.chainfile/gd_bundle.crt |
| config setprop modSSL key /home/e-smith/ssl.key/yourdomain.key | | config setprop modSSL key /home/e-smith/ssl.key/yourdomain.key |
| + | |
| + | Verify that all is set correctly with the config show command. |
| + | |
| + | config show modSSL; |
| + | modSSL=service |
| + | CertificateChainFile=/home/e-smith/ssl.chainfile/gd_bundle-g2-g1.crt |
| + | CommonName=*.abcompany.com |
| + | TCPPort=443 |
| + | access=public |
| + | crt=/home/e-smith/ssl.crt/27dd606e9133e8.crt |
| + | key=/home/e-smith/ssl.key/yourdomain.key |
| + | status=enabled |
| + | |
| | | |
| Be sure to delete the existing PEM file, as a new one will be created anyway. Run this command: | | Be sure to delete the existing PEM file, as a new one will be created anyway. Run this command: |
Line 77: |
Line 96: |
| Finally, run this command: | | Finally, run this command: |
| | | |
− | signal-event post-upgrade; singal-event reboot | + | signal-event post-upgrade; signal-event reboot |
| | | |
| | | |