Technician (talk | contribs) No edit summary |
Technician (talk | contribs) |
||
Line 153: | Line 153: | ||
Copy over the certs from the old server: | Copy over the certs from the old server: | ||
tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p ${SSH_PORT} 'tar - | tar -czPf- /etc/fw-certs | ssh feministwiki.dev -p ${SSH_PORT} 'tar -xzPf-' | ||
The {{C|/etc/fw-certs}} directory | The {{C|/etc/fw-certs}} directory and its contents should be owned by the group {{C|ssl-cert}}. Make sure this is the case on the new server after running the command above, since the group ID might be different on the new server. If the group doesn't exist at all, just create it. | ||
Further, files in that directory which contain the private key ({{C|privkey.pem}} and {{C|bundle.pem}}) should only be readable by group members. That is, their permission mode should be 640, displayed as {{C|-rw-r-----}} in the output of {{C|ls -l}}. Make sure this really the case. | |||
Then, to allow certain services to read those files containing the private key, add them to the {{C|ssl-cert}} group: | |||
adduser ejabberd ssl-cert | adduser ejabberd ssl-cert |
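Review bot: The added paragraphs about {{C|ssl-cert}} ownership and the 640 mode on {{C|privkey.pem}} and {{C|bundle.pem}} ask the reader to verify both, but unlike the tar and adduser steps around them they give no command for checking or correcting either. Consider adding the fix-up commands inline, for example chgrp -R ssl-cert /etc/fw-certs and chmod 640 on the two key files, along with the command to create the group for the "doesn't exist at all" case. The text also covers only the two key files, so it is worth stating what mode the directory itself should have. Separately, "Make sure this really the case" has a dropped word and should read "Make sure this is really the case".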