Service Desk Knowledgebase: Certificates: Difference between revisions

From Computer Laboratory System Administration
Jump to navigationJump to search
Line 46: Line 46:


==Hints, Tips & Known Issues==
==Hints, Tips & Known Issues==
===Certificate Requests===
We should handle certificate requests and generate the CSR rather than ask users to do it as it is a bit fiddly and they often get the details wrong resulting in too many iterations.  Windows is easy if for a single machine but difficult for requests with Subject Alternative Names ('''SAN'''s) added.
Procedures are documented on [http://www.wiki.cl.cam.ac.uk/clwiki/SysInfo/HelpDesk/Software/Certificates the CL WiKi]
using the email address '''sys-admin@cl.cam.ac.uk''' for any correspondence.
And after the private key is created:
1. Copy private key file ('''.pem''') to requestors home directory adding the date to avoid filename clashes using:<br />
'''sudo cp <font color="red">cdn-dtg</font>.pem /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem'''
2. Make sure only that person can read it as it is this file that ensures that the site is what it claims to be using:<br />
'''sudo chmod 600 /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem''' <br />
then<br />
'''sudo chown <font color="red">ipd21</font>:<font color="red">ipd21</font> /homes/<font color="red">ipd21</font>/<font color="red">2015-02-16.cdn-dtg</font>.pem '''
3. In the RT Ticket tell the person  it is there and that we'll pass on the certificate when we have it from the UIS.
4. Pass-on the certificate to the requestor when it arrives from the UIS into RT.


===Janet Certificate Service: SSL certificate expiry notice for ServerName===  
===Janet Certificate Service: SSL certificate expiry notice for ServerName===  

Revision as of 15:16, 27 February 2015


This is the Certificates content page of the CL Wiki Service Desk Knowledgebase. Its purpose is to provide information to the Service Desk team on how to handle problems and requests about this CL service. If you are involved with the provision of this CL service please feel free to add to the knowledge about that it.

If CL staff need to tell the Service Desk team about problems with this service please email
sys-admin-aside@cl.cam.ac.uk.

Return to the Service Desk Knowledgebase SERVICE PORTFOLIO

Key Service Description & URLs

CL Customer Documentation

Further CL Sys-Admin Resources

Underpinning Services

  • None

Customer-base for this Service

  • All staff and research students of the Computer Laboratory

Costs

  • Free to all current staff and research students of the Computer Laboratory

SLA

  • N/A

Service Desk Call Handling Procedure

  • RT tickets can be escalated to the Sys Admin team by leaving the Queue as sys-admin with the Owner set to Nobody and the Status set to new.

Contacts

Primary


Other

Availability

  • N/A

Hints, Tips & Known Issues

Janet Certificate Service: SSL certificate expiry notice for ServerName

Graham Titmus (27/01/15)

You may receive email from JANET warning that a certificate is due to expire shortly. However certificates are often replaced early. Check the certificate using IE to the web-server & click the padlock next to the URL & view certificate to check the expiry date. If it's later than JANET think the ticket can be Resolved with an appropriate comment. If it is due to expire soon follow the escalation route.


Categorising Keywords

  • A categorization or service type