FAQ | This is a LIVE service | Changelog

Commit c2096111 authored by Steve Ison's avatar Steve Ison
Browse files

Add details for ex-ucs dev group tls certs

parent 391e54b9
......@@ -10,3 +10,6 @@ guidebook provides a single place for these notes to live.
* The [Webapp Developer Environment](webapp-dev-environment.md) note discusses
our standard development environment when creating web applications.
* [UCS development group services](ucs-dev-group-services.md) note discusses
older UCS development group services.
# UCS Development Group Services
The University Computing Service (UCS) was one of the parent organisations that merged to form University Information Services (UIS).
The UCS development group wrote services, some of which are still in use today. As the UCS and it's dev group no longer exist, responsibility for running these has been transferred to DevOps.
The services run by DevOps currently includes:
* [Lookup](../services/lookup.md)
* [Password Changing Application](../services/passwords.md)
* [Human Tissue Tracking Application](../services/hta.md)
* [Network Access Tokens Application](../services/eduroam-tokens.md)
* [Software Sales Application](../services/software-sales.md)
* [Streaming Media Service](../services/streaming-media.md)
* [TLS Certificates Application](../services/tls-certificates.md)
* [University Training Booking System](../services/utbs.md)
* [University Search Frontend](../services/search-frontend.md)
## TLS certificates on UCS development group services
Installation of TLS certificates on UCS dev group services is a manual process.
### Certificate locations
Some services seem to have directories (ssl.crt and ssl.key) created to hold the certficate and key files, other use the tomcat config directory, `grep -i certificate /srv/www/tomcat6/base/conf/server.xml` should show the path.
### To install new certificates
Obtain the new certificates from the [TLS certificate application](https://tlscerts.uis.cam.ac.uk/).
Copy the new certificate and key files to the certificate location on the target system.
Update the tomcat configuration to use the new certificate, edit `/srv/www/tomcat6/base/conf/server.xml`.
Ensure that the certificate and key have the correct ownership and permissions with `chown ucstomcat <file>` and `chmod 600 <file>`.
### To update the intermidiate certificate:
Create a new file, `qvsslg3.crt`, in the certificate location containing the
new intermediate certificate, remove any blank lines from it.
Ensure that the certificate and key have the correct ownership and permissions with `chown ucstomcat <file>` and `chmod 600 <file>`.
In `/srv/www/tomcat6/base/conf/server.xml`, edit the line that says (path might be different on your system):
`certificateChainFile="/srv/www/tomcat6/base/conf/QuoVadisGlobalSSLICAG3.crt"`
to:
`certificateChainFile="/srv/www/tomcat6/base/conf/qvsslg3.crt"`
Restart Tomcat:
`service tomcat6 restart`
\ No newline at end of file
......@@ -15,6 +15,7 @@ nav:
- notes/gcp-deployments.md
- notes/google-domain-verification.md
- notes/gunicorn-tuning.md
- notes/ucs-dev-group-services.md
- 'Workflow':
- workflow/index.md
- workflow/gitlab.md
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment