SELV uses SSL and requires a certificate associated with the villagereach.org domain. This certificate can expire or otherwise need to be updated. There are a number of places it needs to get updated at:
- selv.villagereach.org
- selv-training.villagereach.org
- Putty instances used for the SELV data edit tool.
Updating the selv.villagereach.org
The process for updating the SELV certificate is straight-forward yet tedious.
Below is the contents of the readme.txt notes created when it was updated last:
This SSL configuration is setup for the gandi.net certification provider.
The certificate is a SHA2 certificate which needs a chain file created that contains both the intermediate certificate and the cross-signed certificate into a single bundle stored in a PEM file.
The file villagereach-chain.pem is simply the GandiStandardSSLCA2.pem concatinated with the USERTrustRSAAddTrustCA.pem file. NOTE: These two files are this directory, but only for reference. Their contents are duplicated in the villagereach-chain.pem file.
Then, in the Apache configuration file, you must use the SSLCertificateChainFile directive to specify the chain file.
See: http://wiki.gandi.net/en/ssl/intermediate#sha2_intermediate_certificates
These keys are copied to /etc/httpd/conf.d/ssl on selv.villagereach.org. The appropriate configuration file is int he conf.d directory.
Updating selv-training.villagereach.org
selv-training is hosted in the docker instance. The same certificates created above need to be configured within the appropriate configuration there.
These keys are copied to /etc/httpd/conf.d/ssl on docker instance. The appropriate configuration file is in the selv-training conf file in the conf.d directory.
's SSL configuration parallels that of SIIL's. Please see this page for details.