As you may or may not know, the wild card certificate that we have for many of our web services was due to expire on September 17th, 2012.
For the past couple of days, I have been working on reissuing certificates on all our servers that have SSL connectivity, in order to avoid interruption of service once the old certificates expire. In some cases the certificates had to be reissued from scratch due to the new requirement of a minimum RSA 2048bit encryption on all issued certificates. Below is a list of servers/services that have had their certificates replaced.
cvusd-abi1, cvusd-abi2, cvusd-abi3 --> Common name: abi.chino.k12.ca.us - II6 Web Server
abisumr --> Common name: abisummer.chino.k12.ca.us - IIS6 Web Server
do-vdimanager, do-vdimanager2 --> Common name: cvdesktop.chino.k12.ca.us - Tomcat
do-food-web --> Common name: cvfood.chino.k12.ca.us - IIS6 Web Server
do-web --> Common name: gosignmeup.chino.k12.ca.us - IIS7 Web Server
do-penelope --> Common name: bhc-penelope.chino.k12.ca.us - Resin Web Server
kbox --> Common name: kbox.chino.k12.ca.us - Apache Web Server
The IIS servers are fairly straight forward for the replacement of the certificates.
The VDI Manager, Penelope, and KBOX have a different process, using the JDK keytool to generate CSR and Certificates. The bhc-penelope process is already documented in the wiki. I will be working on documenting the KBOX process, as well as the View Web Server processes for future reference.
The Digicert certificate now has a new expiration date on all these servers: 10/22/2015.
For the past couple of days, I have been working on reissuing certificates on all our servers that have SSL connectivity, in order to avoid interruption of service once the old certificates expire. In some cases the certificates had to be reissued from scratch due to the new requirement of a minimum RSA 2048bit encryption on all issued certificates. Below is a list of servers/services that have had their certificates replaced.
cvusd-abi1, cvusd-abi2, cvusd-abi3 --> Common name: abi.chino.k12.ca.us - II6 Web Server
abisumr --> Common name: abisummer.chino.k12.ca.us - IIS6 Web Server
do-vdimanager, do-vdimanager2 --> Common name: cvdesktop.chino.k12.ca.us - Tomcat
do-food-web --> Common name: cvfood.chino.k12.ca.us - IIS6 Web Server
do-web --> Common name: gosignmeup.chino.k12.ca.us - IIS7 Web Server
do-penelope --> Common name: bhc-penelope.chino.k12.ca.us - Resin Web Server
kbox --> Common name: kbox.chino.k12.ca.us - Apache Web Server
The IIS servers are fairly straight forward for the replacement of the certificates.
The VDI Manager, Penelope, and KBOX have a different process, using the JDK keytool to generate CSR and Certificates. The bhc-penelope process is already documented in the wiki. I will be working on documenting the KBOX process, as well as the View Web Server processes for future reference.
The Digicert certificate now has a new expiration date on all these servers: 10/22/2015.
- This change was made during the span of 2 days: 08/13-08/14. No downtime was incurred during this update.
No comments:
Post a Comment
Please make your comment. (GMK)
Note: Only a member of this blog may post a comment.