*.transitionnetwork.org 2015 security certificate

[chris]

The current wild-card *.transitionnetwork.org cert will run out on 24th Jan, this is a ticket to track the time spent renewing it.

See also ticket:795, SHA1 Deprecation: Regenerate all certs using SHA256.

[ed]

replacing Ed with ADE as cc

[ed]

This being done at around the same time as ticket #826

[chris]

For info see:

• wiki:SecurityInfo

Following last years steps on PenguinServer, ticket:685#comment:2 with SHA256 updates, see ​https://wiki.gandi.net/en/ssl/csr

sudo -i
cd /etc/ssl/transitionnetwork.org
mkdir 2015
chmod 700 2014
cd 2015
openssl req -nodes -newkey rsa:2048 -sha256 -keyout transitionnetwork.org.key -out transitionnetwork.org.csr
...
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Transition Network
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.transitionnetwork.org         
Email Address []:webproject@transitionnetwork.org
...
chmod 600 *.*

The next step is one for Ed / Ade:

Please log into your handle EM7826-GANDI and visit the following URL
in order to view its status and complete the verification steps to
prove you have control of the domain:

​https://www.gandi.net/admin/ssl/steps/25785564

[ed]

Followed Chris' steps - got an error message "ERROR: you cannot cancel this operation".

Checked the SSL status in the account and it all looks fine.
​https://www.gandi.net/admin/ssl/121008/details

Chris please confirm this is all good for you

[chris]

Yes all is good, not sure why they said that step was needed, seems it wasn't -- the cert has come through, I'll follow up the deployment on ticket:795, note no time has been added to ticket as the time to generate the CSR and get the cert has been invoiced with the cert cost by Webarchitects (£10).