ofbiz-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jacques Le Roux (JIRA)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-7928) Use "Let's encrypt" for OFBiz demos SSL/TLS certificates
Date Mon, 06 Feb 2017 10:37:41 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-7928?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Jacques Le Roux closed OFBIZ-7928.
       Resolution: Done
    Fix Version/s: Release Branch 13.07
                   Release Branch 16.11

This is now done, thanks to Pierre and infra see INFRA-11960

I'll create a task to maintain the documentation in ofbiz\tools\demo-backup\README.MD which
is then used to generate https://cwiki.apache.org/confluence/display/OFBIZ/The+official+demos+and+how+to+maintain+them

> Use "Let's encrypt" for OFBiz demos SSL/TLS certificates
> --------------------------------------------------------
>                 Key: OFBIZ-7928
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-7928
>             Project: OFBiz
>          Issue Type: Task
>            Reporter: Jacques Le Roux
>            Assignee: Pierre Smits
>             Fix For: Release Branch 16.11, Trunk, Release Branch 13.07
> This is a transtion from INFRA-11960
> {quote}
> After some tries, I have finally decided to adapt and use http://blog.ivantichy.cz/blogpost/view/74
which is the most convenient way for OFBiz
> Since we need to use SANs (for demo-trunk-ofbiz.apache.org, demo-stable-ofbiz.apache.org
and demo-old-ofbiz.apache.org which are actually OFBiz instances using different set of ports),
I will try to use "-d ofbiz-vm.apache.org" as 1st "-d" argument and if that does not work
I'll simply use the "-d" parameter with the other sub-domains only. What I actually need is
a renewable certificate in the OFBiz Java keystore (ofbiz.jks) with the SANs present. From
my experiences, the (adapted) script above should provide me that.
> {quote}
> Maybe another possibility would be to install our own HTTPS and use the instructions
provided by Sam Ruby in INFRA-11960.  I have to balance the work with adapting the script
I refered to above.
> {quote}
> The EFF has published new instructions: https://certbot.eff.org/#ubuntutrusty-apache
> FWIW, I had no problem moving from whimy-vm2 to whimsy-vm3. I've now got certs for a
second machine (ghmon-vm). Here's the puppet instructions to download certbot, create a cronjob,
and add use the certificates with Apache httpd:
> https://github.com/apache/infrastructure-puppet/pull/107/commits/8fea8223f398a77e67173c1b0c1b06b80fe576b0
> Once this is deployed, all that is left is running a single command: certbot-auto -d
host1.apache.org -d host2.apache.org... and answering two prompts (you need to provide an
email address and to indicate that you have read the terms of service).
> {quote}

This message was sent by Atlassian JIRA

View raw message