Changes between Version 15 and Version 16 of InstallDiscoveryBrowse


Ignore:
Timestamp:
10/10/07 17:30:44 (12 years ago)
Author:
pjkersha
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • InstallDiscoveryBrowse

    v15 v16  
    148148sudo mkdir /etc/ndg/ows_server/conf /etc/ndg/ows_server/run /etc/ndg/ows_server/logs 
    149149sudo mkdir /etc/ndg/ows_server/conf/certs  
    150 }}} 
     150sudo chmod 700 /etc/ndg/ows_server/conf/certs 
     151}}} 
     152 
     153The last step is an additional precaution to protect files in certs/ 
    151154 
    152155Copy config files from the repository to `/etc/ndg/ows_server/conf` 
     
    175178}}} 
    176179 
    177 Contact [mailto:P.J.Kershaw@rl.ac.uk Phil] in order to get help making the security settings under `[NDG_SECURITY]` section of the config file. 
     180=== Security Settings === 
     181 1. Create a Discovery Service certificate and private key to enable it communicate securely with security services.  First, generate a new private key: 
     182{{{ 
     183cd /etc/ndg/ows_server/conf/certs 
     184openssl genrsa -des3 -out discovery.key 2048 
     185chmod 400 discovery.key 
     186}}} 
     187 
     188You will be prompted for a password to protect the file.  If you don't want to password protect it, omit the `-des3` argument. 
     189 
     190Then, create a new certificate request: 
     191 
     192{{{ 
     193openssl req -new -key discovery.key -out discovery.csr 
     194}}}/etc/ndg/ows_server/conf/certs 
     195 
     196You will be prompted for the fields that will make up the Distinguished Name of the certificate when it is issued.  It is recommended that a Common Name is set to `DiscoveryService`.   Organisation can be `NDG` and Organisation Unit, the name of your organisation.  Other fields can be left blank.   
     197 
     198[mailto:P.J.Kershaw@rl.ac.uk E-mail] the request file so that it can signed and sent back to you: 
     199 
     200{{{ 
     201mail p.j.kershaw@rl.ac.uk -s 'Certificate Request' < discovery.csr 
     202}}} 
     203 
     204When you receive the signed certificate copy it into `/etc/ndg/ows_server/conf/certs/discovery.crt`. 
     205 
     206Contact [mailto:P.J.Kershaw@rl.ac.uk Phil] in order to get help making the other security settings under `[NDG_SECURITY]` section of the config file. 
    178207 
    179208== Step 11: Start the services ==