Leopard Server Install

From cosign wiki

Revision as of 12:36, 30 March 2009 by Admorten (Talk | contribs)
Jump to: navigation, search

Changes from before that I got hung up on:


  • Web directory changed from /etc/httpd to /etc/apache2
  • Had to modify a Makefile in the Cosign distribution to build it (details below)
  • Edits made Mar 09 to reflect what to do with the signed certificate and instructions to update the umwebCA.pem file

Full procedure I used (in chicken-scratch format):


  • In Server Admin, select the hostname of the server
  • Click the Certificates tab
  • Click the + button
Common Name: lsa-mac-dev1.lsait.lsa.umich.edu
Org: University of Michigan
OU: LSA IT
City: Ann Arbor
State: Michigan
(leave the others as defaults)
  • Click Save

Open a web-browser to here:

https://webservices.itcs.umich.edu/

and choose the Request an SSL certificate option (you'll be filling it out momentarily) Back in Server Admin:

  • Select the cert you just created
  • Under the gearwheel menu, choose Generate CSR
  • Drag the certificate icon to the webpage's CSR box
  • Fill out the form, being sure to choose umwebCA as the signer


When you get the signed certificate back from the UMWeb Certificate Authority, return to Server Admin and:

  • Select the self-signed cert in Server Admin you created earlier
  • Under the gearwheel menu, choose 'Add Signed or Renewed Certificate from Certificate Authority' and add the signed certificate you received


In Server Admin, start the Web Service

  • Click the Sites button, and select the default site (*)
  • On the Options tab, allow 'CGI Execution'
  • On the Logging tab, set both the access and error logs to archive every 7 days
  • Click Save
  • cd /etc/apache2
  • sudo mkdir cosign
  • cd cosign
  • sudo vi site_conf
BEGINNING OF FILE
CosignHostname weblogin.umich.edu
CosignRedirect https://weblogin.umich.edu/
CosignPostErrorRedirect https://weblogin.umich.edu/post_error.html
CosignService lsa-hpc
CosignCrypto /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey /etc/certificates/lsa-mac-dev1.lsait.lsa.umich.edu.crtkey   /etc/apache2/cosign/CAcerts
CosignHttpOnly on  ### Our site is HTTP - if yours is HTTPS, remove this line
<Location />
CosignProtected on
</Location>
<Location /unprotected>
CosignProtected off
</Location>
END OF FILE
  • cd /etc/apache2/sites
  • Add this line to your site, anywhere inside the <VirtualHost> block
    • Include "/etc/apache2/cosign/site_conf"

Build and install cosign:

Building and Installing on Mac OS X

Personal tools