Академический Документы
Профессиональный Документы
Культура Документы
Process
1. Run the following commands to obtain necessary binaries:
3. The last command in Step 2 will open a file in Nano. Enter the following:
When finished, the file header should look something like this:
Page 1
General Support: 1-612-216-1296
5. Check to make sure your server is accessible over DNS before continuing
7. The second command will begin a prompt to make a new CSR. You will be asked
for the following, and can (should) skip the last few accordingly:
Example:
Page 2
General Support: 1-612-216-1296
8. Run the following command to view the CSR that we just created:
cat /etc/apache2/ssl/server.csr
9. Copy the ENTIRE contents of that CSR file to wherever is convenient. We’re going
to paste it in to the JSS in Step 12. You may need save it to a file and transfer it off of
your server depending on your setup. Make sure to include the BEGIN
CERTIFICATE REQUEST and END CERTIFICATE REQUEST lines!
10. In the JSS, navigate to Settings > Global Management > PKI
13. Change the Certificate Type (at the bottom of the page) to Web Server Certificate
Page 3
General Support: 1-612-216-1296
19. Fill in Distribution Point URL for User Images. <FQDN> should be substituted for
the DNS Address we entered in Step 3:
https://<FQDN>/photos/$USERNAME.png
Keep the $USERNAME variable there. Using it will adjust the URL based on the
name of the photo. The name of the photo MUST be the same as the JSS User’s
username!
20. Click Download (right underneath the Certificate Download text on the page)
• Rename the downloaded file to photoca.pem
21. Check the box to Upload Additional Certificate
22. Upload the .pem file that was downloaded in Step 16. We’ve got 3 .pem files
floating around at this point, so make sure it’s the correct one. We are looking for
the Root CA.
23. Save
If you downloaded those 3 .pem files on a server other than the Ubuntu
Photo Server, transfer them all over to the server at this point, before
continuing. Make sure they have been named according to the bullet
points under each download step. This is essential to proceeding.
24. Move all 3 .pem files to /etc/apache2/ssl on the Ubuntu Photo Server.
Look for:
• SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
• SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
Replace with:
• SSLCertificateFile /etc/apache2/ssl/webcert.pem
• SSLCertificateKeyFile /etc/apache2/ssl/server.key
Look for:
• #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
Uncomment and replace with:
• SSLCertificateChainFile /etc/apache2/ssl/ca.pem
Look for:
• #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
Uncomment and replace with:
Page 4
General Support: 1-612-216-1296
• SSLCACertificateFile /etc/apache2/ssl/photoca.pem
Uncomment these two lines:
• SSLVerifyClient require
• SSLVerifyDepth 10
27. Save the file and close it.
30. Place all of your photos in this directory. As a reminder, they must be named
exactly the same as their JSS User username.
Page 5