Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

SELV uses SSL and requires a certificate associated with the villagereach.org domain.  This certificate can expire or otherwise need to be updated.  There are a number of places it needs to get updated at:

  1. selv.villagereach.org
  2. selv-training.villagereach.org
  3. Putty instances used for the SELV data edit tool.

Updating the selv.villagereach.org 

The process for updating the SELV certificate is straight-forward yet tedious.

Below is the contents of the readme.txt notes created when it was updated last:

This SSL configuration is setup for the gandi.net certification provider.

The certificate is a SHA2 certificate which needs a chain file created that contains both the intermediate certificate and the cross-signed certificate into a single bundle stored in a PEM file.

The file villagereach-chain.pem is simply the GandiStandardSSLCA2.pem concatinated with the USERTrustRSAAddTrustCA.pem file. NOTE: These two files are this directory, but only for reference. Their contents are duplicated in the villagereach-chain.pem file.

Then, in the Apache configuration file, you must use the SSLCertificateChainFile directive to specify the chain file.

See: http://wiki.gandi.net/en/ssl/intermediate#sha2_intermediate_certificates

These keys are copied to /etc/httpd/conf.d/ssl on selv.villagereach.org.  The appropriate configuration file is int he conf.d directory.

Updating selv-training.villagereach.org

selv-training is hosted in the docker instance.  The same certificates created above need to be configured within the appropriate configuration there.

These keys are copied to /etc/httpd/conf.d/ssl on docker instance.  The appropriate configuration file is in the selv-training conf file in the conf.d directory.

Updating SELV data edit Putty files

TBD

 

's SSL configuration parallels that of SIIL's. Please see this page for details.