Task #3092
Task #3087: Non-production servers need to migrate to new commercial certificates
Generate new DataONE client certificates for the non-production servers
100%
Description
Since the domain names are changing for the non-production servers, we'll need new certificates generated with FQDN subjects for Metacat replication, LDAP, and OpenVPN. These include:
cn-dev-ucsb-1.test.dataone.org.[crt|key]
cn-dev-orc-1.test.dataone.org.[crt|key]
cn-dev-unm-1.test.dataone.org.[crt|key]
cn-sandbox-ucsb-1.test.dataone.org.[crt|key]
cn-sandbox-orc-1.test.dataone.org.[crt|key]
cn-sandbox-unm-1.test.dataone.org.[crt|key]
cn-stage-ucsb-1.test.dataone.org.[crt|key]
cn-stage-orc-1.test.dataone.org.[crt|key]
cn-stage-unm-1.test.dataone.org.[crt|key]
Dave, since Matt is out, will you give this a whirl? While we're at it, we may want to generate an intermediate CA cert and create these certs from it as opposed to directly signing with the root test CA cert. This will model the production environment more closely and avoid the configuration issues we saw when moving to production.
History
#1 Updated by Chris Jones over 12 years ago
- Assignee changed from Dave Vieglais to Matthew Jones
#2 Updated by Dave Vieglais over 12 years ago
- Status changed from New to In Progress
- Assignee changed from Matthew Jones to Dave Vieglais
Created new intermediate CA for test.dataone.org, and generated certs for cn-dev-ucsb-1, cn-dev-unm-1, and cn-dev-orc-1.
Keys were placed in $HOME/keys; root is needed to access them.
Have not generated the node certs yet (i.e. urn:node:xxx).
#3 Updated by Dave Vieglais over 12 years ago
- Status changed from In Progress to Closed
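The chain proposed in the description (test root CA, then an intermediate CA, then a certificate with an FQDN subject), sketched with the openssl CLI as an added example; these are not the commands that were run for this task. The CA names, key size, lifetimes, extension profile and function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: test root CA -> intermediate CA -> certificate with an FQDN subject.
# CA names, key size, lifetimes and extension sections are constructed for illustration.

# issue NAME CN SIGNER EXT: new key and CSR for NAME, signed with SIGNER's key
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config ca.cnf \
    -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null &&
  openssl x509 -req -in "$1.csr" -CA "$3.crt" -CAkey "$3.key" -CAcreateserial \
    -extfile ca.cnf -extensions "$4" -days 30 -out "$1.crt" 2>/dev/null
}

# build_chain DIR FQDN: create root, intermediate and leaf material in DIR
build_chain() (
  umask 077                      # private keys are created owner-only
  cd "$1" || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = req
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_int]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth,serverAuth
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -config ca.cnf -extensions v3_root \
    -keyout root.key -out root.crt -subj "/CN=Example Test Root CA" -days 30 2>/dev/null &&
  issue intermediate "Example Test Intermediate CA" root v3_int &&
  issue "$2" "$2" intermediate v3_leaf
)

# A relying party that trusts only the root must also be handed the intermediate.
verify_with_chain() {
  openssl verify -CAfile "$1/root.crt" -untrusted "$1/intermediate.crt" "$1/$2.crt" >/dev/null 2>&1
}
verify_root_only() {
  openssl verify -CAfile "$1/root.crt" "$1/$2.crt" >/dev/null 2>&1
}
leaf_issuer() { openssl x509 -in "$1/$2.crt" -noout -issuer; }
```

Run `build_chain` against an empty directory with one of the FQDNs listed above. `verify_root_only` failing while `verify_with_chain` succeeds shows that every service consuming these certificates has to be configured with the intermediate as well as the root.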