Leopard Server Install
From cosign wiki
(Difference between revisions)
(→Background info on the Makefile change:) |
(→Changes from before that I got hung up on:) |
||
Line 2: | Line 2: | ||
------------------------------------------------------ | ------------------------------------------------------ | ||
* Web directory changed from /etc/httpd to /etc/apache2 | * Web directory changed from /etc/httpd to /etc/apache2 | ||
- | |||
* Edits made Mar 09 to reflect what to do with the signed certificate and instructions to update the umwebCA.pem file | * Edits made Mar 09 to reflect what to do with the signed certificate and instructions to update the umwebCA.pem file | ||
Revision as of 13:45, 30 March 2009
Changes from before that I got hung up on:
- Web directory changed from /etc/httpd to /etc/apache2
- Edits made Mar 09 to reflect what to do with the signed certificate and instructions to update the umwebCA.pem file
Full procedure I used (in chicken-scratch format):
- In Server Admin, select the hostname of the server
- Click the Certificates tab
- Click the + button
Common Name: lsa-mac-dev1.lsait.lsa.umich.edu Org: University of Michigan OU: LSA IT City: Ann Arbor State: Michigan (leave the others as defaults)
- Click Save
Open a web-browser to here:
https://webservices.itcs.umich.edu/
and choose the Request an SSL certificate option (you'll be filling it out momentarily) Back in Server Admin:
- Select the cert you just created
- Under the gearwheel menu, choose Generate CSR
- Drag the certificate icon to the webpage's CSR box
- Fill out the form, being sure to choose umwebCA as the signer
When you get the signed certificate back from the UMWeb Certificate Authority, return to Server Admin and:
- Select the self-signed cert in Server Admin you created earlier
- Under the gearwheel menu, choose 'Add Signed or Renewed Certificate from Certificate Authority' and add the signed certificate you received
In Server Admin, start the Web Service
- Click the Sites button, and select the default site (*)
- On the Options tab, allow 'CGI Execution'
- On the Logging tab, set both the access and error logs to archive every 7 days
- Click Save
- cd /etc/apache2
- sudo mkdir cosign
- cd cosign
- sudo vi site_conf
BEGINNING OF FILE CosignHostname weblogin.umich.edu CosignRedirect https://weblogin.umich.edu/ CosignPostErrorRedirect https://weblogin.umich.edu/post_error.html CosignService lsa-hpc CosignCrypto /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/apache2/cosign/CAcerts CosignHttpOnly on ### Our site is HTTP - if yours is HTTPS, remove this line <Location /> CosignProtected on </Location> <Location /unprotected> CosignProtected off </Location> END OF FILE
- cd /etc/apache2/sites
- Add this line to your site, anywhere inside the <VirtualHost> block
- Include "/etc/apache2/cosign/site_conf"