Non-productions servers need to migrate to new commercial certificates
The GoDaddy test SSL certificates expired on July 17th, and so servers in each environment need to transition to use the newly purchased certificates. Dave has added these new certs to the 3 development CNs:
I have placed the certificate, key, and intermediate CA cert on cn-dev, cn-dev-2, and cn-dev-3.
The *.test.dataone.org certificate is /etc/ssl/.test.dataone.org.crt
The geotrust intermediate CA cert is /etc/ssl/geotrust_intermediate.crt
The key for *.test.dataone.org is /etc/ssl/private/.test.dataone.org.key
The new certs are for the test.dataone.org domain, and so the server names will need to change in DNS. During this transition, the CNs in the development environment will also be renamed to be aligned with our new name conventions (outlined by Andy):
I am proposing that we take advantage of the change to bring the three development coordinating nodes
in line with the current naming convention (cn---).
As a result, if this proposal is accepted, the machine names would change from --> to:
cn-dev.dataone.org --> cn-dev-ucsb-1.test.dataone.org cn-dev-2.dataone.org --> cn-dev-unm-1.test.dataone.org cn-dev-3.dataone.org --> cn-dev-orc-1.test.dataone.org cn-sandbox-ucsb-1.dataone.org --> cn-sandbox-ucsb-1.test.dataone.org cn-sandbox-unm-1.dataone.org --> cn-sandbox-unm-1.test.dataone.org cn-sandbox-orc-1.dataone.org --> cn-sandbox-orc-1.test.dataone.org cn-stage-ucsb-1.dataone.org --> cn-stage-ucsb-1.test.dataone.org cn-stage-unm-1.dataone.org --> cn-stage-unm-1.test.dataone.org cn-stage-orc-1.dataone.org --> cn-stage-orc-1.test.dataone.org
Configuration scripts in the dataone-cn-os-core debian package will need to be updated to reflect the DNS changes