Vanity URL Cert Renewal #387

Open
mishraomp opened this issue Feb 18, 2025 · 1 comment
mishraomp commented Feb 18, 2025

The current Entrust cert for https://organicsinfo.gov.bc.ca/ is expiring on March 28, 2025; this needs to be renewed.

Certbot is no longer working for full automation, as OCIO has not done pathfinding for Entrust v2.

Thanks to @DerekRoberts, we have some scripts to automate parts of it, which are here: https://github.com/bcgov/quickstart-openshift-helpers/tree/main/cert-setup

Sample initial tickets that were done for the initial setup (sorry, the links are for internal IDIR only): https://apps.nrs.gov.bc.ca/int/jira/browse/SD-105632
https://apps.nrs.gov.bc.ca/int/jira/browse/SD-106523

Some documentation for new and reinstall is here; the required snippet is copied into the body: https://apps.nrs.gov.bc.ca/int/confluence/display/DEVGUILD/Generating+a+CSR

Hosted on Openshift
You are hosting the certificate yourself within Openshift.

(Edit by Colin Bussanich: Sept 2023)

Generate a .csr and key.
Keep the key secure. (Generating the .csr on the OpenShift server will save you from having to move it around.)
Create a JIRA ticket for a Certificate Renewal.
Attach the .csr file. (Not the key file.) Assign to Infrastructure ([email protected]). If you do not have JIRA access, you can go through our LWRS service desk, https://apps.nrs.gov.bc.ca/int/jira/servicedesk/customer/portal/1.
Attach the iStore billing codes. There are six: Client / Responsibility / Service Line / Project / Expense Authority / TCA Account (Also called Financial Reporting account.) See [iStore Requests, Billing Information](https://apps.nrs.gov.bc.ca/int/confluence/display/IMBMIDTIER/iStore+Requests%2C+Billing+Information) for codes.
Infrastructure will place an iStore order for the certificate and attach it to the JIRA ticket. Allow several days. Install the certificate. 
For a renewal, go into Openshift and copy the private key portion out from the secret, save it into yourdomain.key, then run:
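```bash
# Generates a new 2048-bit RSA key and a CSR; -keyout writes yourdomain.key,
# replacing any existing file of that name.
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

# Creates a CSR from an existing key (server.key), reading the key's
# passphrase from passphrase.txt.
openssl req -new -passin file:passphrase.txt -key server.key -out server.csr -subj "/C=CA/ST=British Columbia/L=Victoria/O=Government of the Province of British Columbia/OU=FLNRORD/CN=example.gov.bc.ca"
```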
Then follow the steps above if files need to be sent to appropriate parties.

cc @kdbelair @dawnbcgov @AmanBhathal
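
An added example, not part of the original issue or the linked helper scripts: a renewal CSR built from an existing key, with the checks worth running before the `.csr` is attached to the ticket (self-signature valid, no private key in the file, CSR public key matches the key). The function names are hypothetical, and a throwaway key generated in a temp directory stands in for the key copied out of the OpenShift secret.

```bash
# Added example (not from the issue): build and check a renewal CSR.
set -eu

# Subject string from the issue's sample command.
SUBJ="/C=CA/ST=British Columbia/L=Victoria/O=Government of the Province of British Columbia/OU=FLNRORD/CN=example.gov.bc.ca"

# SHA-256 of the PEM public key derived from a private key file.
key_pub_fingerprint() {
  pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Same fingerprint, taken from the public key embedded in a CSR.
csr_pub_fingerprint() {
  pub=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || return 1
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# CSR from the EXISTING key: no -newkey/-keyout, so the key file is untouched.
make_renewal_csr() {  # args: key csr subject
  openssl req -new -key "$1" -out "$2" -subj "$3" 2>/dev/null
}

# Checks to run before the CSR is attached to the ticket.
check_csr() {  # args: key csr
  # The CSR's self-signature must verify.
  openssl req -in "$2" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
  # The file to be attached must not contain a private key.
  if grep -q 'PRIVATE KEY' "$2"; then return 1; fi
  # The CSR must carry the public half of the key we hold.
  k=$(key_pub_fingerprint "$1") || return 1
  c=$(csr_pub_fingerprint "$2") || return 1
  [ "$k" = "$c" ]
}

demo_renewal() {
  d=$(mktemp -d)
  # Constructed stand-in for the key copied out of the OpenShift secret.
  openssl genrsa -out "$d/yourdomain.key" 2048 2>/dev/null
  make_renewal_csr "$d/yourdomain.key" "$d/yourdomain.csr" "$SUBJ"
  if check_csr "$d/yourdomain.key" "$d/yourdomain.csr"; then
    echo "CSR matches existing key"
  else
    echo "CSR does NOT match existing key"
  fi
  rm -rf "$d"
}
demo_renewal
```
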

@mishraomp

This was raised for cert renewal: https://apps.nrs.gov.bc.ca/int/jira/browse/SD-139737
