scientist-softserv / utk-hyku


Update SSL Certs for UTK hykuadmin.lib.utk.edu & digitalcollections.lib.utk.edu #682

Closed aprilrieger closed 1 month ago

aprilrieger commented 1 month ago

Update SSL Certs for UTK hykuadmin.lib.utk.edu

Waiting for email from Will: https://assaydepot.slack.com/archives/C0396LSM06P/p1726000859069489?thread_ts=1724695832.210029&cid=C0396LSM06P

How to do previous ticket with steps: https://github.com/scientist-softserv/utk-hyku/issues/534

aprilrieger commented 1 month ago

Date: Thursday, August 29, 2024 at 10:20 AM
To: Veale, William (Will) <wveale@utk.edu>
Subject: Enrollment Successful - Your SSL certificate for hykuadmin.lib.utk.edu is ready

Hello,

You have successfully enrolled for an InCommon SSL certificate.

You now need to complete the following steps:

    * Click the following link to download your SSL certificate (generally try to use a version that includes intermediates & root or your certificate may be rejected by some older clients)

        Available formats:
           as Certificate only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=x509CO
           as Certificate (w/ issuer after), PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=pemia
           as Certificate (w/ chain), PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=x509
           as PKCS#7: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=bin
           as PKCS#7, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=base64

        Issuing CA certificates only:
           as Root/Intermediate(s) only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=x509IO
           as Intermediate(s)/Root only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095911&format=x509IOR

    * Import your new certificate into your server (Please contact your administrator for help with this).

    * Your renew id: lqDQS4WRir3UVXKoEil3

Certificate Details:
    Common Name :  hykuadmin.lib.utk.edu
    Subject Alternative Names :
    Number of licenses :
    SSL Type :     InCommon SSL (SHA-2)
    Term :         398 Days    
    Server :      
    Requested :    08/29/2024 14:20 GMT
    Approved :     08/29/2024 14:20 GMT
    Expires :      09/29/2025 23:59 GMT
    Order Number : 2260391740
    Self-Enrollment Certificate ID : 10095911
    Comments :

aprilrieger commented 1 month ago

Here is digitalcollections.lib.utk.edu

Hello,

You have successfully enrolled for an InCommon SSL certificate.

You now need to complete the following steps:

    * Click the following link to download your SSL certificate (generally try to use a version that includes intermediates & root or your certificate may be rejected by some older clients)

        Available formats:
           as Certificate only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=x509CO
           as Certificate (w/ issuer after), PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=pemia
           as Certificate (w/ chain), PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=x509
           as PKCS#7: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=bin
           as PKCS#7, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=base64

        Issuing CA certificates only:
           as Root/Intermediate(s) only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=x509IO
           as Intermediate(s)/Root only, PEM encoded: https://cert-manager.com/customer/InCommon/ssl?action=download&sslId=10095902&format=x509IOR

    * Import your new certificate into your server (Please contact your administrator for help with this).

    * Your renew id: scWzNqWoxg6okJs4ci6Q

Certificate Details:
    Common Name :  digitalcollections.lib.utk.edu
    Subject Alternative Names :
    Number of licenses :
    SSL Type :     InCommon SSL (SHA-2)
    Term :         398 Days    
    Server :      
    Requested :    08/29/2024 14:18 GMT
    Approved :     08/29/2024 14:18 GMT
    Expires :      09/29/2025 23:59 GMT
    Order Number : 2260391323
    Self-Enrollment Certificate ID : 10095902
    Comments :

aprilrieger commented 1 month ago

Need the keys from csr generation to add these to the cluster.

aprilrieger commented 1 month ago

Got keys from Rob. I am getting a secret Creation Warning 299 - tls: private key does not match public key, when creating the tls secret in Rancher. So I checked the certs/keys by module comparison and they are not matching up. Do you have another set of keys for utk?

Here is what I did to compare (in case I did it wrong). I downloaded the keys you sent, and the certs with the chain from the email.

    openssl x509 -noout -modulus -in digitalcollections_lib_utk_edu.cer | openssl md5
    (stdin)= 042b80d04f95f222e80c399de733f2db
    openssl rsa -noout -modulus -in digitalcollections.key | openssl md5
    (stdin)= 0702fd046172cd276db090b2d27571ee

    openssl x509 -noout -modulus -in hykuadmin_lib_utk_edu.cer | openssl md5
    (stdin)= 042b80d04f95f222e80c399de733f2db
    openssl rsa -noout -modulus -in hykuadmin.key | openssl md5
    (stdin)= f5e4a99db4eac85899d727a0504564d2
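
A generalization of the modulus comparison in the comment above, as an added example that is not code from this thread or the project: it compares public keys rather than RSA moduli, so it also works for EC keys, and it checks every certificate in a bundle, because `openssl x509` reads only the first certificate in a file and a chain download whose first block is a CA certificate would otherwise be hashed in place of the leaf. The function names and all keys and certificates are constructed for the demonstration.

```shell
# Added example. Function names and all key/cert files are constructed here.
set -euo pipefail

# SHA-256 of the public key in the FIRST certificate of a PEM file
# (openssl x509 ignores any certificates after the first).
cert_pub_fp() {
  openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public key derived from a private key (RSA, EC, ...).
key_pub_fp() {
  openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Print the 1-based position of the certificate in bundle $1 whose public key
# belongs to private key $2; return 1 if no certificate in the bundle matches.
match_position() {
  local tmp want f n=0 found=""
  tmp=$(mktemp -d)
  want=$(key_pub_fp "$2")
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/%03d.pem", d, n) }
                   n { print > f }' "$1"
  for f in "$tmp"/*.pem; do
    [ -e "$f" ] || continue
    n=$((n + 1))
    if [ "$(cert_pub_fp "$f")" = "$want" ]; then found=$n; break; fi
  done
  rm -rf "$tmp"
  [ -n "$found" ] && echo "$found"
}

# Build constructed test material in directory $1: three self-signed certs
# ("ca" stands in for an issuer) and a bundle with the CA certificate first.
make_fixture() {
  local name
  for name in ca leaf other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$name.example.test" \
      -keyout "$1/$name.key" -out "$1/$name.pem" 2>/dev/null
  done
  cat "$1/ca.pem" "$1/leaf.pem" > "$1/root_first_bundle.pem"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_fixture "$work"
echo "leaf.key matches certificate #$(match_position "$work/root_first_bundle.pem" "$work/leaf.key")"
match_position "$work/root_first_bundle.pem" "$work/other.key" || echo "other.key matches nothing"
```

A TLS secret expects the leaf certificate first in the certificate file, so a match at any position other than 1 means the bundle needs reordering before upload.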

aprilrieger commented 1 month ago

Thank you @orangewolf for getting this knocked out!