Project

General

Profile

Task #3092

Task #3087: Non-productions servers need to migrate to new commercial certificates

Generate new DataONE client certificates for the non-production servers

Added by Chris Jones almost 9 years ago. Updated almost 9 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
Support Operations
Start date:
2012-07-19
Due date:
% Done:

100%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

Since the domain names are changing for the non-production servers, we'll need new certificates generated with FQDN subjects for both metacat replication, ldap, and openvpn. These include:

cn-dev-ucsb-1.test.dataone.org.[crt|key]
cn-dev-orc-1.test.dataone.org.[crt|key]
cn-dev-unm-1.test.dataone.org.[crt|key]

cn-sandbox-ucsb-1.test.dataone.org.[crt|key]
cn-sandbox-orc-1.test.dataone.org.[crt|key]
cn-ssandbox-unm-1.test.dataone.org.[crt|key]

cn-stage-ucsb-1.test.dataone.org.[crt|key]
cn-stage-orc-1.test.dataone.org.[crt|key]
cn-stage-unm-1.test.dataone.org.[crt|key]

Dave, since Matt is out, will you give this a whirl? While we're at it, we may want to generate an intermediate CA cert and create these certs from it as opposed to directly signing with the root test CA cert. This will model the production environment more closely and avoid the configuration issues we saw when moving to production.

History

#1 Updated by Chris Jones almost 9 years ago

  • Assignee changed from Dave Vieglais to Matthew Jones

#2 Updated by Dave Vieglais almost 9 years ago

  • Status changed from New to In Progress
  • Assignee changed from Matthew Jones to Dave Vieglais

Created new intermediate CA for test.dataone.org, and generated certs for cn-dev-ucsb-1, cn-dev-unm-1, and cn-dev-orc-1.

Keys were placed in $HOME/keys, need root to access them.

Have not generated the node certs yet (i.e. urn:node:xxx)

#3 Updated by Dave Vieglais almost 9 years ago

  • Status changed from In Progress to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)