Versions Compared

Old Version 6

changes.mady.by.user Glen Steedman

Saved on

compared with

New Version 7

changes.mady.by.user Mats Age

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This is a manual proces until

Jira Legacy
serverSystem JIRAJira
serverIdd1de7fd4-f9b1-3177-8dc3-3ee678680322
keyYMN-4962

...

  1. Switch user to root

    • Code Block
      su root

  2. Run the following command to create the CSR request config file

    • Code Block
      nano /var/opt/yarnlab/yarnman/config/yarnman-ssl.cnf

    • add copy the following contenst and replace <FQDN>with the Fully Quailifed Domain Name of the server

    • Code Block
      [req]
distinguished_name  = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
emailAddress      = Email Address (emailAddress_max    = 64)
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = <FQDN>

  3. Run the following command to generate the CSR

    • Command Syntax

      • Code Block
        openssl req -config /var/opt/yarnlab/yarnman/config/yarnman-ssl.cnf -new -subj "/C=${COUNTRY}/ST=${STATE}/L=${LOCATION}/O=${ORGANIZATION}/OU=${FUNCTION}/CN=${FQDN}" \
 -out /var/opt/yarnlab/yarnman/config/yarnman-ssl.csr -key /var/opt/yarnlab/yarnman/config/ssl-key.pem -passin pass:somepassword -sha512 -newkey rsa:4096

    • All of the following need to be replaced

      • ${COUNTRY}

      • ${STATE}

      • ${LOCATION}

      • ${ORGANIZATION}

      • ${FUNCTION}

      • ${FQDN

    • Example

      • Code Block
        openssl req -config /var/opt/yarnlab/yarnman/config/yarnman-ssl.cnf -new -subj "/C=AU/ST=NSW/L=SYDNEY/O=yarnlab/OU=lab/CN=yarnman.test.yarnlab.io" \
 -out /var/opt/yarnlab/yarnman/config/yarnman-ssl.csr -key /var/opt/yarnlab/yarnman/config/ssl-key.pem -passin pass:somepassword -sha512 -newkey rsa:4096

  4. Collect CSR for signing

    1. Option 1- SFTP download from /var/opt/yarnlab/upgrade/

      1. cp /var/opt/yarnlab/yarnman/config/yarnman-ssl.csr /var/opt/yarnlab/yarnman/upgrade/yarnman-ssl.csr

    2. Option 2 - copy content to new file yarnman-ssl.cnf

      1. cat /var/opt/yarnlab/yarnman/config/yarnman-ssl.csr

  5. Once signed certificate has been received from CA

    1. Review if certificate has intermediate CA siging signing and follow process below

  6. Backup existing SSL public certificate

    • Code Block
      cp /var/opt/yarnlab/yarnman/config/ssl-cert.cert /var/opt/yarnlab/yarnman/config/ssl-cert.cert.bk
    • Code Block
      cat /var/opt/yarnlab/yarnman/config/ssl-cert.cert

  7. Update public certificatgecertificate

    • Option 1
      upload to /var/opt/yarnlab/yarnman/upgrade/ssl-cert.cert

      • Code Block
        rm /var/opt/yarnlab/yarnman/config/ssl-cert.cert
mv /var/opt/yarnlab/yarnman/upgrade/ssl-cert.cert /var/opt/yarnlab/yarnman/config/ssl-cert.cert
systemctl restart yarnman

    • Option 2
      nano /var/opt/yarnlab/yarnman/config/ssl-cert.cert

      • Code Block
        systemctl restart yarnman
Verification
Code Block
PENDING openssl verification commands

...