Commit f7a06f3a authored by Mike Hibler's avatar Mike Hibler
Browse files

more notes about the SSL certs

parent a994559a
......@@ -24,13 +24,17 @@ A. FreeBSD (while running single user):
Change the root password, this file will get installed by prepare.
* /etc/ssh/ssh_host*
Generate new host keys. Actually, copy from an existing image.
Generate new host keys. Actually, copy from an existing image if
available (i.e., we use a single host key across all images and OSes
within a testbed).
* /etc/emulab/{client,emulab}.pem
Generate a new one. From Leigh:
Just need to cd into the ssl directory and do a gmake
(on their boss of course!) then a gmake boss-installX.
The images need emulab.pem and client.pem from that directory.
Generate new ones. This needs to be done on the site's boss node.
Go into the build tree "ssl" subdirectory and edit the *.cnf.in files
to update the "[ req_distinguished_name ]" section with the appropriate
country, state, city, etc. Then do a "gmake boss-installX" which generates
the certs and installs the server-side. Grab the emulab.pem and client.pem
from that directory to put in the images.
* Unmount filesystems, and remount root read-only to be safe:
cd /
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment