[LON-CAPA-dev] SSL Request Procedure

Guy Albertelli II lon-capa-dev@mail.lon-capa.org
Tue, 30 Nov 2004 16:29:30 -0500 (EST)


Second fix-up; turns out I'm not so good at Latin, maybe not even as good as I
am at English.


Also msul1 (data.lite.msu.edu) is now officially only accepting ssl
connections, so if you haven't sent me an ssl request you will be
unable to connect to data until you do.

1) get this script and place it in /tmp
     http://install.lon-capa.org/resources/request_ssl_key.sh

2) run it as www
    su 
    su www
    cd /tmp
    sh request_ssl_key.sh

IMPORTANT: When it asks for 'Common Name' please enter your LON-CAPA
hostid (for example "msul1" or "fsul2")

(it will generate a private/public key pair, the private key will be
stored in /home/httpd/lonCerts/lonKey.pem
It will be set so that only www can read this file. You will want to
make sure this file stays secret)

3) the script will automatically send an email with your public key in
   it to certificate@lon-capa.org so LON-CAPA can sign it

4) after signing you will receive an email at whatever email address
   you specified in step 2

5) save this email to a file, remove the headers from it and, as www,
   run it

6) if it successfully completes you will have 
/home/httpd/lonCerts/lonhostcert.pem (your signed public key)
/home/httpd/lonCerts/loncapaCA.pem   (the public key of the Lon-CAPA
                                      certificate authority)

7) Now when your machine connects to another machine it will try to do
   so over an SSL connection. You can verify this by doing

ps auxwww | grep lonc

You should see something like:
lonc: msul1 Connection count: 1 Retries remaining: 2 (ssl) 

Where before you saw:
lonc: msul1 Connection count: 1 Retries remaining: 2 (insecure)

-- 
guy@albertelli.com  LON-CAPA Developer  0-7-3-2-
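The following is an added example, not the request_ssl_key.sh script or any LON-CAPA code. It reproduces the key / CSR / signing / install cycle from the steps above locally with openssl, using a constructed stand-in CA (the real LON-CAPA CA key never sits on your host), so you can see what the resulting lonKey.pem, lonhostcert.pem and loncapaCA.pem should look like and how to check them before trusting them: the cert must chain to the CA file, its Common Name must be your hostid, it must match the private key, and the key must be readable only by its owner. It also parses constructed sample lines standing in for `ps auxwww | grep lonc` output to list peers still marked (insecure). The working directory (WORK instead of /home/httpd/lonCerts), the hostid "msul1" and the function names are all assumptions made for the example.

```shell
#!/bin/sh
# Added example; not the LON-CAPA request_ssl_key.sh script.
# WORK and HOSTID are assumptions for this demo; in a real install the
# files live in /home/httpd/lonCerts and HOSTID is your LON-CAPA hostid.
WORK="${WORK:-$(mktemp -d)}"
HOSTID="${HOSTID:-msul1}"

# Constructed stand-in for the LON-CAPA CA so the cycle runs offline.
# On a real host you only ever receive loncapaCA.pem, never ca.key.
make_fake_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/ca.key" \
    -out "$WORK/loncapaCA.pem" -days 3650 \
    -subj "/CN=Fake LON-CAPA CA (example)" 2>/dev/null
}

# Equivalent of step 2: generate the private key, lock it down to the
# owner, and build a CSR whose Common Name is the hostid.
make_host_key_and_csr() {
  openssl genrsa -out "$WORK/lonKey.pem" 2048 2>/dev/null
  chmod 600 "$WORK/lonKey.pem"
  openssl req -new -key "$WORK/lonKey.pem" -out "$WORK/lonhost.csr" \
    -subj "/CN=$HOSTID" 2>/dev/null
}

# Equivalent of steps 3-5, done locally here: the CA signs the CSR and
# hands back lonhostcert.pem. Only the CSR (public material) leaves the host.
sign_csr() {
  openssl x509 -req -in "$WORK/lonhost.csr" -CA "$WORK/loncapaCA.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -out "$WORK/lonhostcert.pem" \
    -days 365 2>/dev/null
}

# Step 6 sanity check. Returns 0 only if all four conditions hold:
#  - the cert verifies against loncapaCA.pem
#  - the cert's CN equals HOSTID
#  - the cert's public key matches lonKey.pem (same RSA modulus)
#  - lonKey.pem is mode 600
verify_host_cert() {
  openssl verify -CAfile "$WORK/loncapaCA.pem" "$WORK/lonhostcert.pem" \
    >/dev/null 2>&1 || { echo "cert does not chain to CA" >&2; return 1; }
  cn=$(openssl x509 -in "$WORK/lonhostcert.pem" -noout -subject | sed 's/.*CN *= *//')
  [ "$cn" = "$HOSTID" ] || { echo "CN is '$cn', expected '$HOSTID'" >&2; return 1; }
  keymod=$(openssl rsa -in "$WORK/lonKey.pem" -noout -modulus 2>/dev/null)
  certmod=$(openssl x509 -in "$WORK/lonhostcert.pem" -noout -modulus)
  [ "$keymod" = "$certmod" ] || { echo "cert does not match lonKey.pem" >&2; return 1; }
  perms=$(stat -c %a "$WORK/lonKey.pem" 2>/dev/null || stat -f %Lp "$WORK/lonKey.pem")
  [ "$perms" = "600" ] || { echo "lonKey.pem mode is $perms, want 600" >&2; return 1; }
  return 0
}

# Step 7 check: read `ps auxwww | grep lonc` style lines on stdin and
# print the hostid of every lonc child still marked (insecure).
insecure_peers() {
  awk '/^lonc:/ && /\(insecure\)/ { print $2 }'
}

# Constructed sample ps output (not captured from a real host).
SAMPLE_PS='lonc: msul1 Connection count: 1 Retries remaining: 2 (ssl)
lonc: fsul2 Connection count: 1 Retries remaining: 2 (insecure)'

# Run the whole cycle, then report.
make_fake_ca && make_host_key_and_csr && sign_csr && verify_host_cert \
  && echo "OK: $HOSTID cert in $WORK verifies against the CA and matches lonKey.pem"
echo "peers still insecure in sample output:"
printf '%s\n' "$SAMPLE_PS" | insecure_peers
```

On a real host you would point WORK at /home/httpd/lonCerts, skip make_fake_ca and sign_csr (the CA does that for you), and run verify_host_cert as www after step 6; then `ps auxwww | grep lonc | insecure_peers` after step 7 shows which peers have not switched over yet.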