[SAC] [OSGeo] #2295: Replace old secure with new secure
OSGeo
trac_osgeo at osgeo.org
Sun Apr 28 20:38:56 PDT 2019
#2295: Replace old secure with new secure
---------------------------+---------------------------------------
Reporter: robe | Owner: sac@…
Type: task | Status: new
Priority: blocker | Milestone: Sysadmin Contract 2019-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------
Comment (by robe):
Okay I hope i didn't miss any. I had to change the following servers to
use the OS included cert bundle (needed for cert root authentication) and
told jef to change the QGIS ones in same fashion.
Without this change we can never use anything but the SSL.com cert. The
OS packaged bundle works for both the existing SSL.com cert (expiring May
1) and the new Letsencrypt cert.
Change was as follows:
on /etc/ldap/ldap.conf
{{{
#TLS_CACERT /etc/ssl/certs/STAR_osgeo_org.ca-bundle #this file you need
to copy from osgeo6 as well
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
}}}
on /etc/nslcd.conf
{{{
#tls_cacertfile /etc/ssl/certs/STAR_osgeo_org.ca-bundle
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
}}}
followed by
{{{
service nslcd restart
}}}
Done to:
{{{
all the containers on osgeo7 that use ldap
Servers -
adhoc.osgeo.osuosl.org (this has bee migrated but it's still on and need
to check if anything left)
backup.osgeo.osuosl.org
download.osgeo.osuosl.org #note this will hopefully be defunct soon once I
have webdav onnew container
osgeo6.osgeo.osuosl.org
projects.osgeo.osuosl.org #this sites now on old-projects on osgeo7, dut
did this just in case mssed anything
tracsvn.osgeo.osuosl.org
webextra.osgeo.osuosl.org
web.osgeo.osuosl.org #most stuff already migrated (and on old-web
container)
wiki.osgeo.osuosl.org
}}}
--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2295#comment:8>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.
More information about the Sac
mailing list