tom/ldx_ssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

explicit sudo

Browse Source
This commit is contained in:
Thomas Constans
2025-12-04 16:48:38 +01:00
parent 7391f39107
commit 91abb8d783
1 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
Readme.md
View File

@@ -23,24 +23,24 @@ Suivre la procédure slide 97.
### Certificat letsencrypt
```bash
systemctl stop httpd
dnf install certbot -y
certbot certonly --standalone -d CHANGEME.formation.opendoor.fr -m formation@opendoor.fr --agree-tos --test-cert
sudo systemctl stop httpd
sudo dnf install certbot -y
sudo certbot certonly --standalone -d CHANGEME.formation.opendoor.fr -m formation@opendoor.fr --agree-tos --test-cert
# répondre N à la question
systemctl start httpd
sudo systemctl start httpd
```
⚠️ Attention, pour que le certificat (de test) soit reconnu, il faudra que le client télécharge la clé publique de la CA:
```bash
curl https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem -L >> /etc/openldap/certs/ca.pem
echo TLS_CACERT /etc/openldap/certs/ca.pem >> /etc/openldap/ldap.conf
curl https://letsencrypt.org/certs/staging/letsencrypt-stg-root-x1.pem -L | sudo tee -a /etc/openldap/certs/ca.pem
echo TLS_CACERT /etc/openldap/certs/ca.pem | sudo tee -a /etc/openldap/ldap.conf
```
Attention également aux permissions. L'utilisateur _ldap_ doit pouvoir lire les différents fichiers:
```bash
chgrp -R ldap /etc/letsencrypt/{archive,live}
chmod -R g+rX /etc/letsencrypt/{archive,live}
sudo chgrp -R ldap /etc/letsencrypt/{archive,live}
sudo chmod -R g+rX /etc/letsencrypt/{archive,live}
```
## Configurer le serveur