Update Certificates
Update of webserver and Shibboleth certificate
A complete manual is in our Rodare deployment docs.
Webserver
rodare6
- Request new webserver certificate for rodare.hzdr.de
- Copy certificate to /etc/ssl/certs/rodare.hzdr.de.crt
- Check the full certificate chain and add it if necessary
- Copy key to /etc/ssl/private/rodare.hzdr.de.key
- Restart nginx with `service nginx restart`
- Check new certificate in browser (deactivate other machines in haproxy)
The same certificate and key are also used for the Shibboleth SP:
- Rename and copy the same certificate to /opt/rodare/var/instance/shibboleth/settings/certs/sp_new.crt
- Rename and copy the key to /opt/rodare/var/instance/shibboleth/settings/certs/sp_new.key
- Replace the valid until date "metadataValidUntil": "2022-02-27T11:59:10Z" in /opt/rodare/var/instance/shibboleth/settings/advanced_settings.json
- Restart the rodare service and check the metadata at rodare.hzdr.de/shibboleth/metadata/hzdr
rodare5
- Request new webserver certificate for rodare.hzdr.de
- Copy certificate to /etc/ssl/certs/rodare.hzdr.de.crt
- Check the full certificate chain and add it if necessary
- Copy key to /etc/ssl/private/rodare.hzdr.de.key
- Restart nginx with `service nginx restart`
- Check new certificate in browser (deactivate other machines in haproxy)
The same certificate and key are also used for the Shibboleth SP:
- Rename and copy the same certificate to /opt/rodare/var/instance/shibboleth/settings/certs/sp_new.crt
- Rename and copy the key to /opt/rodare/var/instance/shibboleth/settings/certs/sp_new.key
- Replace the valid until date "metadataValidUntil": "2022-02-27T11:59:10Z" in /opt/rodare/var/instance/shibboleth/settings/advanced_settings.json
- Restart the rodare service and check the metadata at rodare.hzdr.de/shibboleth/metadata/hzdr
rodare4
- Request new webserver certificate for rodare.hzdr.de
- Copy certificate to /etc/ssl/certs/rodare.hzdr.de.crt
- Check the full certificate chain and add it if necessary
- Copy key to /etc/ssl/private/rodare.hzdr.de.key
- Restart nginx with `service nginx restart`
- Check new certificate in browser (deactivate other machines in haproxy)
The same certificate and key are also used for the Shibboleth SP:
- Rename and copy the same certificate to /opt/rodare/var/instance/shibboleth/settings/certs/sp_new.crt
- Rename and copy the key to /opt/rodare/var/instance/shibboleth/settings/certs/sp_new.key
- Replace the valid until date "metadataValidUntil": "2022-02-27T11:59:10Z" in /opt/rodare/var/instance/shibboleth/settings/advanced_settings.json
- Restart the rodare service and check the metadata at rodare.hzdr.de/shibboleth/metadata/hzdr
Hand over certificate and metadata to FWCA:
- Update certificate and metadata in the DFN database
After a few hours:
- Remove the old certificate and rename the new one to sp.crt and sp.key
- Restart rodare service
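
An added consistency check for the per-host steps above (not part of the Rodare deployment docs), meant to run on each machine while sp_new.crt is still in place: it confirms that the webserver file carries a chain, that sp_new.crt is the same certificate as the webserver leaf, and that metadataValidUntil was moved into the future. The function names, the leaf-first chain order and the sample input are assumptions; certificates are compared as opaque DER bytes, so this does not verify signatures or that the key matches.

```python
import base64
import hashlib
import json
import re
from datetime import datetime, timezone

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_fingerprints(pem_text):
    """SHA-256 over the DER bytes of every certificate in a PEM file, in file order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]

def find_key(node, key):
    """Depth-first search for `key`; the nesting inside the JSON file is not assumed."""
    if isinstance(node, dict) and key in node:
        return node[key]
    children = list(node.values()) if isinstance(node, dict) else node
    if not isinstance(children, list):
        return None
    hits = (find_key(child, key) for child in children)
    return next((hit for hit in hits if hit is not None), None)

def check_rollover(web_pem, sp_pem, settings_json, now=None):
    """Return a list of problems; an empty list means the three files are consistent."""
    now = now or datetime.now(timezone.utc)
    problems = []
    web, sp = pem_fingerprints(web_pem), pem_fingerprints(sp_pem)
    if len(web) < 2:  # assumption: leaf first, then at least one intermediate
        problems.append("webserver file does not contain a certificate chain")
    if not sp or not web or sp[0] != web[0]:
        problems.append("sp_new.crt is not the same certificate as the webserver leaf")
    raw = find_key(json.loads(settings_json), "metadataValidUntil")
    try:
        until = datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        if until <= now:
            problems.append(f"metadataValidUntil {raw} is already in the past")
    except (TypeError, ValueError):
        problems.append("metadataValidUntil is missing or not in YYYY-MM-DDTHH:MM:SSZ form")
    return problems

if __name__ == "__main__":
    # Constructed sample input: opaque bytes stand in for DER, "security" nesting is made up.
    def pem(der):
        return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % base64.b64encode(der).decode()
    chain = pem(b"leaf") + pem(b"intermediate")
    stale = '{"security": {"metadataValidUntil": "2022-02-27T11:59:10Z"}}'
    print(check_rollover(chain, pem(b"leaf"), stale))
```

On a real host, pass the contents of /etc/ssl/certs/rodare.hzdr.de.crt, sp_new.crt and advanced_settings.json as the three arguments.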