From 0117073356927f6d92f0e931f7759e57565d5fba Mon Sep 17 00:00:00 2001 From: Bob Mottram Date: Sat, 12 Apr 2014 15:49:25 +0100 Subject: [PATCH] Fixing StartSSL certificate installation --- beaglebone.txt | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/beaglebone.txt b/beaglebone.txt index 9df65600..e4aadd9e 100644 --- a/beaglebone.txt +++ b/beaglebone.txt @@ -6493,10 +6493,15 @@ cat /etc/ssl/requests/$HOSTNAME.csr You can then click on "skip" within the StartSSL certificates wizard and copy and paste the encrypted request into the text entry box. A confirmation will be emailed back to you normally within a few hours. -Then on the BBB. +Log into your StartSSL account and select *Retrieve Certificate* from the *Tool Box* tab. Copy the text. + +#+BEGIN_SRC: bash +emacs /etc/ssl/certs/$HOSTNAME.crt +#+END_SRC + +Paste the public key, then save and exit. Then on the BBB. #+BEGIN_SRC: bash -mv /etc/ssl/requests/$HOSTNAME.csr /etc/ssl/certs/$HOSTNAME.crt mkdir /etc/ssl/roots mkdir /etc/ssl/chains wget "http://www.startssl.com/certs/ca.pem" --output-document="/etc/ssl/roots/startssl-root.ca" @@ -6522,6 +6527,14 @@ chmod -R 400 /etc/ssl/backups/certs/* chmod -R 400 /etc/ssl/backups/private/* #+END_SRC +Remove the certificate password, so if the server is rebooted then it won't wait indefinitely for a non-existant keyboard user to type in a password. + +#+BEGIN_SRC: bash +openssl rsa -in /etc/ssl/private/$HOSTNAME.key -out /etc/ssl/private/$HOSTNAME.new.key +cp /etc/ssl/private/$HOSTNAME.new.key /etc/ssl/private/$HOSTNAME.key +shred -zu /etc/ssl/private/$HOSTNAME.new.key +#+END_SRC + Now visit your web site at https://mydomainname.com and you should notice that there is no certificate warning displayed. You will now be able to install systems which don't allow the use of self-signed certificates, such as [[https://redmatrix.me/&JS=1][Red Matrix]]. * Deprecated
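Review bot: in the @@ -6493 hunk, the added line "Paste the public key, then save and exit" calls the retrieved text a public key, but what *Retrieve Certificate* returns, and what ends up in /etc/ssl/certs/$HOSTNAME.crt, is the signed certificate. Suggest "Paste the certificate, then save and exit". The step also gives the reader no way to confirm that the pasted text is complete and belongs to this host's key. Consider adding a check after the paste, for example comparing the output of `openssl x509 -noout -modulus -in /etc/ssl/certs/$HOSTNAME.crt` with that of `openssl rsa -noout -modulus -in /etc/ssl/private/$HOSTNAME.key`, so a truncated or wrong paste is caught before the later steps build on it.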
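Review bot: in the @@ -6522 hunk, the added `openssl rsa -in ... -out /etc/ssl/private/$HOSTNAME.new.key` line writes the unencrypted private key to a new file without setting its permissions, so its mode depends on the current umask until `shred -zu` removes it. The final $HOSTNAME.key is also never given an explicit mode, although the context lines just above apply `chmod -R 400` to the backups. Suggest running `umask 077` at the start of the block and adding `chmod 400 /etc/ssl/private/$HOSTNAME.key` after the `cp`. The introductory sentence should say that the passphrase is being removed from the private key rather than from the certificate, and should state the trade-off: after this step the key is protected only by file permissions. Minor: "non-existant" should be "non-existent".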