1,234
edits
Changes
no edit summary
* certificates, CAs, relationship with DNS
* CA-signed certs cost money. we have to use let's encrypt which is lame because it expires quickly unless you run their software on your server. but it's free
* follow this except the deploy part: https://help.datica.com/hc/en-us/articles/360044373551-Creating-and-Deploying-a-LetsEncrypt-Certificate-Manually
* install certbot in your workstation using apt or the software manager
<source>$ sudo su
You have new mail in /var/mail/root
root@p51:/home/andrew# cp /etc/letsencrypt/live/asmith15.ops345.ca/privkey.pem ~andrew/prog/seneca/ops345/new/keys/asmith15.ops345.ca.privkey.pem
root@p51:/home/andrew# chown andrew ~andrew/prog/seneca/ops345/new/keys/asmith15.ops345.ca.privkey.pem
root@p51:/home/andrew# exit
</source>
* The file in /etc/letsencrypt/live/asmith15.ops345.ca/privkey.pem is what a CA would send you after you paid them. This one is free but it expires in 90 days, which is good enough for this course.