Differences

databaseandnetworkmanagement:ssl_renewal [2017/05/25 15:52] mmcc
databaseandnetworkmanagement:ssl_renewal [2021/06/25 10:09] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Iris (Signal Seeker) SSL Renewal ======
 +
 +Author: Michelle McCausland
 +
 +===== Introduction =====
 +
 +The steps outlined here describe how to update an ssl cert for errigal-iris.
 +
 +----
 +
 +===== Initial Steps =====
 +
 +  * Login to godaddy, check the errigal-iris cert
 +  * Go to https://www.errigal-iris.com/ and check the cert information (inspect element> security> view certificate)
 +
 +{{ :databaseandnetworkmanagement:sslcert.png?nolink |}}
 +
 +  * Go to aws and ensure you can find the certificate in the irisbalancer in EC2 -> Northern California Region -> LoadBalancer -> Iris Balancer -> Listeners
 +
 +{{ :databaseandnetworkmanagement:listener.png?nolink |}}
 +
 +----
 +
 +===== Generate New CSR =====
 +
 +  * Open a terminal window to Iris - 54.215.67.168 
 +  * Ensure you have access to the ppk file to access the server - located in Errigal Shared Documents\Amazon EC2\prod keys\iris.ppk
 +  * Navigate to a directory or make a new one to contain the new CSR files.
 +  * At this point we want to produce a public – private key pair. 
 +  * Run the following command: ''openssl genrsa -des3 -out mycert.key 2048''
 +  * Enter a password which will be used later
 +  * Run the following command: ''openssl req -new -key mycert.key -out mycert.csr''
 +       * Country - US
 +       * State - N. California
 +       * Company - Errigal Inc.
 +       * Organizational Unit Name - www.errigal-iris.com
 +       * Common Name - www.errigal-iris.com
 +  * If using AWS a no pass key needs to be generated with the following: ''openssl rsa -in mycert.key -out mycert-nopass.key''
 +  * Enter your password to generate the file
 +
 +----
 +
 +===== Add new CSR to GoDaddy =====
 +  * Log into GoDaddy > Certificates > Iris > ReKey & Manage > Rekey Certificate
 +  * Here you will be asked to copy and paste the CSR text (vi .csr file)
 +  * Submit and ensure this was successful
 +  * An email will likely be sent to support@errigal.com in the next 5 minutes
 +  * Click the link in the email, download the files.
 +
 +----
 +
 +===== Add new Cert to AWS =====
 +
 +  * Now go to the SSL listener and select edit and select "Upload a new SSL certificate to AWS Identity and Access Management (IAM)"
 +  * Then paste in the file contents as mentioned in the howto
 +  * The last bit of information are the mappings to each fields, which are as follows:
 +
 +Private Key = This is the key we generated earlier on our instance server, which we then removed the pass phrase from. Be sure to use the contents of the new file we created called mycert-nopass.key
 +
 +Public Key Certificate = This is the public key file provided by Godaddy it should have your domain or key name in the actual file name
 +
 +Certificate Chain = This is the bundle key file provided by Godaddy, it usually has the work bundle in the actual file name
 +
 +  * Now go to https://www.errigal-iris.com/ , force refresh a few times and check the cert information, it will now have the new expiry date.  This might take a couple of minutes.
 +
 +
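Review bot: The "Generate New CSR" steps write an unencrypted private key to the Iris server (''openssl rsa -in mycert.key -out mycert-nopass.key'') and nothing later in the procedure says what happens to that file. Add a step at the end of "Add new Cert to AWS" to delete mycert-nopass.key once the upload is confirmed, or at minimum restrict it to owner-read, and state where the passphrase-protected mycert.key and its password are to be kept. The working directory is also left open ("Navigate to a directory or make a new one"), so name a directory with restricted permissions rather than leaving the choice to the operator. Smaller points in the same hunk: "as mentioned in the howto" refers to a howto that is not linked, "work bundle" should read "word bundle", "The last bit of information are the mappings to each fields" needs a grammar pass, and "Organizational Unit Name" is filled with the domain name, which duplicates Common Name; confirm that is intended. The page also records the production host address and the path to iris.ppk, so check that this wiki namespace is restricted to the people who run the renewal.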