瀏覽代碼

Fixing StartSSL certificate installation

Bob Mottram 11 年之前
父節點
當前提交
0117073356
共有 1 個文件被更改,包括 15 次插入2 次删除
  1. 15
    2
      beaglebone.txt

+ 15
- 2
beaglebone.txt 查看文件

@@ -6493,10 +6493,15 @@ cat /etc/ssl/requests/$HOSTNAME.csr
6493 6493
 
6494 6494
 You can then click on "skip" within the StartSSL certificates wizard and copy and paste the encrypted request into the text entry box.  A confirmation will be emailed back to you normally within a few hours.
6495 6495
 
6496
-Then on the BBB.
6496
+Log into your StartSSL account and select *Retrieve Certificate* from the *Tool Box* tab.  Copy the text.
6497
+
6498
+#+BEGIN_SRC: bash
6499
+emacs /etc/ssl/certs/$HOSTNAME.crt
6500
+#+END_SRC
6501
+
6502
+Paste the public key, then save and exit.  Then on the BBB.
6497 6503
 
6498 6504
 #+BEGIN_SRC: bash
6499
-mv /etc/ssl/requests/$HOSTNAME.csr /etc/ssl/certs/$HOSTNAME.crt
6500 6505
 mkdir /etc/ssl/roots
6501 6506
 mkdir /etc/ssl/chains
6502 6507
 wget "http://www.startssl.com/certs/ca.pem" --output-document="/etc/ssl/roots/startssl-root.ca"
@@ -6522,6 +6527,14 @@ chmod -R 400 /etc/ssl/backups/certs/*
6522 6527
 chmod -R 400 /etc/ssl/backups/private/*
6523 6528
 #+END_SRC
6524 6529
 
6530
+Remove the certificate password, so if the server is rebooted then it won't wait indefinitely for a non-existant keyboard user to type in a password.
6531
+
6532
+#+BEGIN_SRC: bash
6533
+openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key
6534
+cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key
6535
+shred -zu /etc/ssl/private/$HOSTNAME.new.key
6536
+#+END_SRC
6537
+
6525 6538
 Now visit your web site at https://mydomainname.com and you should notice that there is no certificate warning displayed.  You will now be able to install systems which don't allow the use of self-signed certificates, such as [[https://redmatrix.me/&JS=1][Red Matrix]].
6526 6539
 
6527 6540
 * Deprecated