[LON-CAPA-dev] SSL Request procedure
Guy Albertelli II
lon-capa-dev@mail.lon-capa.org
Fri, 19 Nov 2004 14:24:48 -0500 (EST)
Okay first fixup.
I am looking for help on making it readable. Let me know if anything
needs fixing.
1) get this script and place in /tmp
    http://install.lon-capa.org/resources/request_ssl_key.sh
2) run it as www
    su
    su www
    cd /tmp
    sh request_ssl_key.sh
IMPORTANT: When it asks for 'Common Name' please enter your loncapa
hostid (I.E. msul1)
(it will generate a private/public key pair, the private key will be
stored in /home/httpd/lonCerts/lonKey.pem
It will be set so that only www can read this file.
You want to make sure this file stays secret)
3) the script will automatically send an email with your public key in
it so Lon-CAPA can sign it
4) after signing you will receive an email at whatever email address
you specified in 2
5) save this email to a file, remove the headers from it and as www
run it.
6) if it successfully completes you will have
/home/httpd/lonCerts/lonhostcert.pem (your signed public key)
/home/httpd/lonCerts/loncapaCA.pem (the public key of the Lon-CAPA
certificate authority)
7) now when your machine connects to another machine it will try to do
so over an ssl connection. You can verify this by doing
    ps auxwww | grep lonc
You should see something like:
    lonc: msul1 Connection count: 1 Retries remaining: 2 (ssl)
Where before you saw:
    lonc: msul1 Connection count: 1 Retries remaining: 2 (insecure)
--
guy@albertelli.com LON-CAPA Developer 0-7-3-2-
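
Added example, not part of the original message or of request_ssl_key.sh: a post-install check for the three files named in steps 2 and 6, confirming that the private key is closed to everyone but its owner, that the signed certificate matches that key and chains to the CA file, and that its Common Name is the hostid. The function names and the LON_CERT_DIR override are made up for this sketch, and it assumes the key file is not passphrase-protected.

```shell
#!/bin/sh
# Added example, not part of request_ssl_key.sh or LON-CAPA.
# Usage, as root or www:  sh check_lon_certs.sh msul1
DIR=${LON_CERT_DIR:-/home/httpd/lonCerts}   # directory named in the message

# True when FILE exists and its mode grants nothing to group or others.
key_is_private() {
    [ -f "$1" ] || return 1
    ls -ld "$1" | awk '{ exit (substr($1, 5, 6) != "------") }'
}

# Print the Common Name from a certificate's subject.
cert_cn() {
    openssl x509 -noout -subject -in "$1" |
        sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# True when private key KEY and certificate CERT hold the same public key.
# Assumes the key file is not passphrase-protected.
key_matches_cert() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$pub" ] &&
        [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# True when CERT chains to the CA certificate in CAFILE.
signed_by_ca() {   # signed_by_ca CAFILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

report() {   # report STATUS MESSAGE; records any failure in $rc
    if [ "$1" -eq 0 ]; then echo "ok    $2"; else echo "FAIL  $2"; rc=1; fi
}

check_lon_certs() {   # check_lon_certs HOSTID
    key=$DIR/lonKey.pem cert=$DIR/lonhostcert.pem ca=$DIR/loncapaCA.pem rc=0
    key_is_private "$key";           report $? "lonKey.pem closed to group/other"
    [ "$(ls -ld "$key" 2>/dev/null | awk '{print $3}')" = www ]
    report $? "lonKey.pem owned by www"
    key_matches_cert "$key" "$cert"; report $? "lonhostcert.pem matches lonKey.pem"
    signed_by_ca "$ca" "$cert";      report $? "lonhostcert.pem signed by loncapaCA.pem"
    [ "$(cert_cn "$cert" 2>/dev/null)" = "$1" ]
    report $? "certificate Common Name is $1"
    return $rc
}

if [ $# -gt 0 ]; then check_lon_certs "$1"; fi
```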