|
@@ -6493,10 +6493,15 @@ cat /etc/ssl/requests/$HOSTNAME.csr
|
6493
|
6493
|
|
6494
|
6494
|
You can then click on "skip" within the StartSSL certificates wizard and copy and paste the encrypted request into the text entry box. A confirmation will be emailed back to you normally within a few hours.
|
6495
|
6495
|
|
6496
|
|
-Then on the BBB.
|
|
6496
|
+Log into your StartSSL account and select *Retrieve Certificate* from the *Tool Box* tab. Copy the text.
|
|
6497
|
+
|
|
6498
|
+#+BEGIN_SRC: bash
|
|
6499
|
+emacs /etc/ssl/certs/$HOSTNAME.crt
|
|
6500
|
+#+END_SRC
|
|
6501
|
+
|
|
6502
|
+Paste the public key, then save and exit. Then on the BBB.
|
6497
|
6503
|
|
6498
|
6504
|
#+BEGIN_SRC: bash
|
6499
|
|
-mv /etc/ssl/requests/$HOSTNAME.csr /etc/ssl/certs/$HOSTNAME.crt
|
6500
|
6505
|
mkdir /etc/ssl/roots
|
6501
|
6506
|
mkdir /etc/ssl/chains
|
6502
|
6507
|
wget "http://www.startssl.com/certs/ca.pem" --output-document="/etc/ssl/roots/startssl-root.ca"
|
|
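Review bot: the added sentence "Paste the public key, then save and exit." names the wrong object. What StartSSL returns under *Retrieve Certificate* and what belongs in /etc/ssl/certs/$HOSTNAME.crt is the signed certificate, so the text should say "Paste the certificate". A reader who pastes only a public key will end up with a file the web server cannot use. It would also help to add a step after the paste that checks the file parses as a certificate and matches the private key before continuing, since a hand-pasted PEM block is easy to truncate. Two smaller points: "Then on the BBB." is carried over as a sentence fragment, and the unchanged wget line still fetches the root CA over plain http with no fingerprint check, which is worth noting in the text while this section is being edited.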
@@ -6522,6 +6527,14 @@ chmod -R 400 /etc/ssl/backups/certs/*
|
6522
|
6527
|
chmod -R 400 /etc/ssl/backups/private/*
|
6523
|
6528
|
#+END_SRC
|
6524
|
6529
|
|
|
6530
|
+Remove the certificate password, so if the server is rebooted then it won't wait indefinitely for a non-existant keyboard user to type in a password.
|
|
6531
|
+
|
|
6532
|
+#+BEGIN_SRC: bash
|
|
6533
|
+openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key
|
|
6534
|
+cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key
|
|
6535
|
+shred -zu /etc/ssl/private/$HOSTNAME.new.key
|
|
6536
|
+#+END_SRC
|
|
6537
|
+
|
6525
|
6538
|
Now visit your web site at https://mydomainname.com and you should notice that there is no certificate warning displayed. You will now be able to install systems which don't allow the use of self-signed certificates, such as [[https://redmatrix.me/&JS=1][Red Matrix]].
|
6526
|
6539
|
|
6527
|
6540
|
* Deprecated
|
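Review bot: the new block writes the decrypted key to /etc/ssl/private/$HOSTNAME.new.key without restricting its permissions first, so between the "openssl rsa" and "shred -zu" lines the unprotected key exists with whatever mode the current umask gives it. Suggest setting "umask 077" before the openssl call and adding an explicit "chmod 400 /etc/ssl/private/$HOSTNAME.key" after the cp, because once the passphrase is gone the file mode is the only thing protecting the key. The prose should also say so: it describes removing the "certificate password", but what is being removed is the passphrase on the private key, and the reader should be told that the key is stored unencrypted on disk from this point on. Minor: "non-existant" should be "non-existent".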