Task #165
Obtain SSL certificates for CNs
Need to purchase certificates for the coordinating nodes. Using certificates from a well-known authority will make configuration of communications between CNs simpler and will improve trust in deployed infrastructure.
Depends on having DNS scheme sorted out ( #164 ).
#1 Updated by Matthew Jones about 15 years ago
We already have a wildcard certificate for dataone.org that allows us to provide SSL for an *.dataone.org host. I suspect this will be sufficient for our initial uses and that separate certs for each CN host will not be initially needed.
#2 Updated by Dave Vieglais about 15 years ago
Seems reasonable, though some (all?) certificate issuers generally restrict * certs to a single server (IP). The worst case though would be re-purchase of another * cert, and it seems unlikely that we'll be attracting that much attention.
Something to consider for version 1.0.
#3 Updated by Matthew Jones about 15 years ago
We purchased this certificate from GoDaddy which allows us to use it on multiple different IPs. We have already done so with other similar certs for other domains, so it should work fine to install this certificate on all 3 CNs.
#4 Updated by Dave Vieglais about 15 years ago
Good. Last one I was involved with was through RapidSSL in which the legal agreement stated explicitly that the cert could only be installed on one machine, which kind of defeats the purpose of * certs... (functionally the cert works on multiple machines)