[LON-CAPA-dev] SSL Request procedure

Guy Albertelli II lon-capa-dev@mail.lon-capa.org
Fri, 19 Nov 2004 13:54:54 -0500 (EST)

Hey all,

These are the current directions for generating SSL keys

I am looking for help on making it readable. Let me know if anything
needs fixing.

1) get this script and place in /tmp

2) run it as www
    su www
    cd /tmp
    sh request_ssl_key.sh

(it will generate a private/public key pair, the private key will be
stored in /home/httpd/lonCerts/lonKey.pem
It will be set to that only www can read this file.

You want to make sure this file stays secret)

3) the script will automaticaly send an email with your public key in
   it so Lon-CAPA can sign it

4) after signing you will receive an email at whatever email address
   you specified in 2

5) save this email to a file, remove the headers from it and as www
   run it.

6) if it successfully completes you will have 
/home/httpd/lonCerts/lonhostcert.pem (your signed public key)
/home/httpd/lonCerts/loncapaCA.pem   (the public key of the Lon-CAPA
                                      certificate authority)

7) now when you machine connects to another machine it will try to do
   so over an ssl connection you can verify this by doing

ps auxwww | grep lonc

You should see something like:
lonc: msul1 Connection count: 1 Retries remaining: 2 (ssl) 

Where before you saw:
lonc: msul1 Connection count: 1 Retries remaining: 2 (insecure)

guy@albertelli.com  LON-CAPA Developer  0-7-3-2-