Open smallboy69 opened 3 months ago
Hi @smallboy69,
I'm not part of the perfsonar team but I can provide some info here. If you have a cert provider, just simply generate a CSR. I use the config file method.
NOTE: Replace the info below to match what you have
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = COUNTRY CODE (US, UK, etc)
ST = STATE
L = LOCAL (CITY)
O = COMPANYNAME
OU = ORGUNITNAME
CN = servername
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = servername.yourdomainhere.com
DNS.2 = serveraltname1.yourdomainhere.com
DNS.3 = serveraltname2.yourdomainhere.com
openssl req -new -newkey rsa:4096 -nodes -out "perfsonar.csr" -keyout "perfsonar.key" -config "perfsonar.cnf"
perfsonar.csr
- copy the content of this and paste into your cert provider, they will provide you a cert to download. Download the one for apache if you have that option or pem format.
Ubuntu: Copy this to folder /etc/ssl/certs/
permission 644
and own by root:root
Rocky: Copy this to folder /etc/pki/tls/certs
permission 644
and own by root:root
perfsonar.key
- will need this for perfsonar.
Ubuntu: Copy this to folder /etc/ssl/private
, the permission for the key should be 640
and own by root:ssl-cert
Rocky: Copy this to folder /etc/pki/tls/private/
, the permission for the key should be 600
and own by root:root
/etc/apache2/sites-enabled/default-ssl.conf
Comment out the following and add your own
#SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
#SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
/etc/httpd/conf.d/ssl.conf
Comment out the following and add your own
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Ubuntu: systemctl restart apache2
Rocky: systemctl restart httpd
Open your perfsonar installation and check.
Other distro would be either similar to Ubuntu (Debian) or Rocky (Alma / RHEL)
Hope this helps!
Thanks for your assistance @ichantio
appreciate your advise and insight
Regards
hi Perfsonar Team
hope this email finds you well
appreciated if anyone has updated the certificate for perfsonar 5.1.0 if there is any documentation that has been validated to work...
as i need to update the certificate for my reloaded perfsonar 5.1