Renew website certificate
== How to update a security certificate for a website ==
If renewing a certificate currently installed, you do not need to generate the CSR or key files. Just go to step 4 and renew the certificate and download the .cer file. It will match the already installed .key file.

Our current web server (Rodeo-Five) uses Nginx instead of Apache.

# '''Generate the CSR file on the web server'''
## Log in via SSH
## Enter the following command:
##* <code>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr</code>
## Enter the following details:
##* Common name: <code>ces.fas.harvard.edu</code>
##* Organization: <code>President and Fellows of Harvard College</code>
##* Department (OU): <code>Center for European Studies</code>
##* City: <code>Cambridge</code>
##* State: <code>Massachusetts</code>
##* Country: <code>US</code>
## The new CSR and Key file will be generated in the current user /home/ folder
# '''Copy the CSR to local machine'''
## From local machine, open a CMD window
##* <code>scp -r username@host.ip:/home/username/cert_name.csr C:/local_folder</code>
##* The <code>-r</code> switch will copy the whole folder. Do this to create a backup of the key file off server
# '''Upload CSR to InCommon'''
## Log into InCommon with federated login
## Go to certificates tab and select <code>Renew</code> or <code>Replace</code>
## Submit the text of the CSR file
## Wait for approval
# '''Download the new certificate'''
## On InCommon, select <code>Details</code> then by "Download the Certificate," click <code>Select</code>
## Select the "Certificate Only" option
# '''Copy new .cer to server'''
#* <code>scp C:/local_folder/cert_name.cer username@host.ip:/home/username</code>
# '''Move .cer and Key files to correct folders'''
#* This assumes the names are different from the already installed files. If the names are the same, the installed files will be overwritten.
#* <code>sudo mv cert_name.cer /etc/ssl/certs</code>
#* <code>sudo mv key_file_name.key /etc/ssl/private</code>
## Rename old .cer ''and'' .key files.
## Append with .old. Easiest to do if in the correct directory
##* <code>sudo mv old_cert_name.cer old_cert_name.cer.old</code>
##* '''''To access /private/ to change the .key file name, you must switch to root with <code>sudo -i</code>. Be extremely cautious while doing this and immediately disconnect and reconnect as sudo user after renaming old and new Key files'''''
# '''Rename new .cer and Key files to match Nginx file'''
## These will replace the naming of the files just renamed .old
##* <code>sudo mv ces_fas_harvard_edu.cer ces.fas.harvard.edu.cer</code>
##* Repeat for key file as root user
## Confirm filenames are correct in Nginx ssl.conf file
##* <code>sudo nano /etc/nginx-sp/vhosts.d/ssl.conf</code>
## If the name changes are correct, the ssl.conf file should point straight at them already
## Update the dates on the certificate in the comments
# '''Restart the Nginx service'''
#* <code>sudo systemctl restart nginx-sp</code>
#* Should exit without error. If there is an error, the .cer and .key files likely do not match. Confirm that they are named correctly
## Test by going to website.
## Certificate authority on web page should be "Internet2"
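Added example (not part of the original wiki page): a shell check to run before the restart in the last step, confirming that the new .cer and .key carry the same public key and that the certificate is not about to expire. The function names are illustrative and the file names in the usage comment are the page's placeholders; only standard <code>openssl</code> subcommands are used.

```shell
#!/bin/sh
# Added example: pre-restart sanity check for a renewed certificate.
# Usage (placeholder names from the steps above):
#   sh check_cert.sh cert_name.cer key_file_name.key

# Digest of the public key embedded in a certificate.
cert_pubkey_digest() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256
}

# Digest of the public key derived from a private key.
key_pubkey_digest() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256
}

# Returns 0 if cert and key match, 1 if they do not,
# 2 if either file cannot be parsed (so two empty digests never "match").
cert_key_match() {
    cert=$1
    key=$2
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "unreadable certificate: $cert" >&2
        return 2
    fi
    if ! openssl pkey -in "$key" -noout 2>/dev/null; then
        echo "unreadable private key: $key" >&2
        return 2
    fi
    if [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ]; then
        return 0
    fi
    echo "MISMATCH: $cert was not issued for $key" >&2
    return 1
}

# Returns 0 if the certificate is still valid N days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Run the checks only when called with a certificate and a key.
if [ "$#" -eq 2 ]; then
    cert_key_match "$1" "$2" && cert_valid_for_days "$1" 30 &&
        echo "OK: certificate and key match, valid for at least 30 days"
fi
```

A mismatch found here is the same condition that makes the <code>nginx-sp</code> restart fail, caught while the old files are still in place.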