Working with certificates

From WPRDC Wiki
Jump to navigation Jump to search

Certificates through Pitt

Requesting

Certificate requests can be made here: https://cert-manager.com/customer/InCommon/ssl?action=enroll

Contact Steve, or make a request to Pitt's help desk requesting a certificate, for details on how to log in.


During the process you'll need to generate a Certificate Signing Request (CSR). You can generate one like so: 

openssl req -newkey rsa:2048 -keyout PRIVATEKEY.key -out MYCSR.csr


You'll need to keep the key and store it on the server you're getting the certificate for. Nginx will need it and the cert we'll eventually receive to prove we're us.

Receiving

When receiving new certificates from Pitt's provider, none of the formats will work with nginx out of the box. The email they send will have links for various formats. Appending the "certificate only" format (just our part of the cert) to the "w/ issuer after" format will give us the full cert in the format we need. 

cat site_wprdc_org_cert.cer site_wprdc_org.pem > site_wprdc_org.cer
Retrieved from "https://wiki.tessercat.net/index.php?title=Working_with_certificates&oldid=14264"