Service Desk Knowledgebase: Certificates: Difference between revisions
| Line 62: | Line 62: | ||
'''sudo chmod 600 /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem''' <br /> | '''sudo chmod 600 /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem''' <br /> | ||
then<br /> | then<br /> | ||
'''sudo chown <font color="red">ipd21:<font color="red">ipd21</font> /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem ''' | '''sudo chown <font color="red">ipd21</font>:<font color="red">ipd21</font> /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem ''' | ||
3. In the RT Ticket tell the person it is there and that we'll pass on the certificate when we have it from the UIS. | 3. In the RT Ticket tell the person it is there and that we'll pass on the certificate when we have it from the UIS. | ||
Revision as of 18:22, 16 February 2015
This is the Certificates content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about that it.
If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.
Return to the Service Desk Knowledgebase SERVICE PORTFOLIO
Key Service Description & URLs
CL Customer Documentation
Further CL Sys-Admin Resources
- http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Software/Certificates - Certificates documentation
Underpinning Services
- None
Customer-base for this Service
- All staff and research students of the Computer Laboratory
Costs
- Free to all current staff and research students of the Computer Laboratory
SLA
- N/A
Service Desk Call Handling Procedure
- RT tickets can be escalated to the Sys Admin team by leaving the Queue as sys-admin with the Owner set to Nobody and the Status set to new.
Contacts
Primary
- Graham Titmus (for Windows Certificates)
Other
Availability
- N/A
Hints, Tips & Known Issues
Certificate Requests
We should handle certificate requests and generate the CSR rather than ask users to do it as it is a bit fiddly and they often get the details wrong resulting in too many iterations. Windows is easy if for a single machine but difficult for requests with SANs added.
Procedures are documented on the CL WiKi using the email address sys-admin@cl.cam.ac.uk for any correspondence.
Then:
1. Copy private key file (.pem) to requestors home directory adding the date to avoid filename clashes using:
sudo cp cdn-dtg.pem /homes/ipd21/2015-02-16.cdn-dtg.pem
2. Make sure only that person can read it as it is this file that ensures that the site is what it claims to be using:
sudo chmod 600 /homes/ipd21/2015-02-16.cdn-dtg.pem
then
sudo chown ipd21:ipd21 /homes/ipd21/2015-02-16.cdn-dtg.pem
3. In the RT Ticket tell the person it is there and that we'll pass on the certificate when we have it from the UIS.
4. Pass-on the certificate when it arrives from the UIS into RT.
Janet Certificate Service: SSL certificate expiry notice for ServerName
Graham Titmus (27/01/15)
You may receive email from JANET warning that a certificate is due to expire shortly. However certificates are often replaced early. Check the certificate using IE to the web-server & click the padlock next to the URL & view certificate to check the expiry date. If it's later than JANET think the ticket can be Resolved with an appropriate comment. If it is due to expire soon follow the escalation route.
Categorising Keywords
- A categorization or service type
