Adjust slapd to use Lets Encrypt certs #1

Open
datadavev opened this issue Oct 26, 2021 · 2 comments
Labels
bug Something isn't working

Comments

@datadavev
Member

slapd is configured to use server certificates signed by the DataONE CA. This was necessary back in the day because slapd does not work with wildcard certificates.

Action: Edit /etc/ldap/slapd.conf, example for sandbox:

```
TLSCACertificateFile     /etc/letsencrypt/live/cn-sandbox.test.dataone.org/fullchain.pem
TLSCertificateFile       /etc/letsencrypt/live/cn-sandbox.test.dataone.org/cert.pem
TLSCertificateKeyFile    /etc/letsencrypt/live/cn-sandbox.test.dataone.org/privkey.pem
```

@datadavev datadavev added the bug Something isn't working label Oct 26, 2021
@datadavev
Member Author

This change was implemented on cn-sandbox 2021-10-26 as the DataONE signed certificate had expired.
After editing slapd.conf, slapd was restarted and normal operations resumed.

Stage and production are not yet done.

@datadavev datadavev changed the title Adjust slapd to uses Lets Encrypt certs Adjust slapd to use Lets Encrypt certs Oct 26, 2021
@datadavev datadavev assigned datadavev and taojing2002 and unassigned datadavev Oct 26, 2021
@taojing2002
Contributor

taojing2002 commented Oct 26, 2021

I reconfigured cn-stage-ucsb/orc-1 and restarted the LDAP server. It seems to be working.

We may need to put the production cns into read-only mode to make changes.

The code in cn-buildout needs to be adjusted as well.
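
A pre-restart check for the three TLS files that slapd.conf names in this issue, as an added example (not part of the issue or of the DataONE code base): it confirms the files are readable, that the certificate matches the private key, and that the certificate is not about to expire. The function names and the 14-day default are assumptions; it relies on the `openssl` command line.

```shell
#!/bin/sh
# Added example: check the TLS files referenced by slapd.conf before restarting slapd.
# Usage: check_slapd_tls /etc/ldap/slapd.conf [min_days_left]
# Run it as the account slapd runs under, so the readability test is meaningful.

# Print the path set for one TLS directive (last occurrence wins, keyword
# compared case-insensitively; paths containing spaces are not handled).
tls_path() {
    awk -v d="$2" 'tolower($1) == tolower(d) { p = $2 } END { if (p != "") print p }' "$1"
}

# Digest of the public key held in a certificate ("cert") or a private key ("key").
pub_digest() {
    if [ "$1" = cert ]; then openssl x509 -in "$2" -noout -pubkey
    else openssl pkey -in "$2" -pubout; fi 2>/dev/null | openssl sha256
}

check_slapd_tls() {
    conf=$1 days=${2:-14} rc=0
    ca=$(tls_path "$conf" TLSCACertificateFile)
    cert=$(tls_path "$conf" TLSCertificateFile)
    key=$(tls_path "$conf" TLSCertificateKeyFile)
    for f in "$ca" "$cert" "$key"; do
        [ -n "$f" ] && [ -r "$f" ] || { echo "FAIL: missing or unreadable: '$f'"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    # The certificate must carry the public key that belongs to the private key.
    [ "$(pub_digest cert "$cert")" = "$(pub_digest key "$key")" ] ||
        { echo "FAIL: $cert does not match $key"; rc=1; }
    # An expired certificate is what prompted this issue: fail if the
    # certificate ends within $days days (or cannot be parsed at all).
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1 ||
        { echo "FAIL: $cert expires within $days days or is unreadable"; rc=1; }
    return "$rc"
}
```

A non-zero return means slapd should not be restarted until the reported file is fixed.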
