wiki:HTTPScert
Last modified 7 years ago Last modified on 08/26/14 13:31:55

HTTPS Certificate Renewal and Installation

Current Certificate expires 08/13/2016 23:59:59 GMT

HTTPS Certificate Renewal

You'll need to be logged in as galaxy in order to access the .key file

If you don't have sudo privileges to become root on the galaxy VM see New Admin Setup to get access.

For Users With Sudo Privileges

sudo su - 
mkdir /root/InCommon
cd /root/InCommon
cp -a /etc/pki/tls/private/galaxy.uabgrid.uab.edu.key ./
openssl req -out galaxy.uabgrid.uab.edu.csr -key galaxy.uabgrid.uab.edu.key -new

The site to request certs: https://www.uab.edu/it/uabcrt/

Meta Data

.csr Creation

Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Alabama
Locality Name (eg, city) [Newbury]:Birmingham
Organization Name (eg, company) [My Company Ltd]:UAB
Organizational Unit Name (eg, section) []:CCTS
Common Name (eg, your name or your server's hostname) []:galaxydev.uabgrid.uab.edu
Email Address []:galaxy-help@vo.uabgrid.uab.edu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: "LEAVE BLANK"
An optional company name []: "LEAVE BLANK"

.cer Creation

Email: galaxy-help@vo.uabgrid.uab.edu

Certificate Details:
    Common Name :  galaxy.uabgrid.uab.edu
    Subject Alternative Names : 
    Number of licenses : 
    SSL Type :     InCommon SSL
    Term :         2 Year(s)
    Server :       Apache/ModSSL

HTTPS Installation

  • Once you have received the the certificate from the UAB certificate request site, the certificate needs to be placed into the following folder:
    /etc/pki/tls/certs/
    
  • The certificate should also be renamed to fit the format galaxy.uabgrid.uab.edu.YYYY-MM-DD.cer
  • Next the httpd configuration file (/etc/http/conf.d/ssl.conf) needs to be updated to point to the new certificate.
  • Once the config file has been updated the httpd process needs to be restarted.
    /etc/init.d/httpd restart