Changeset 32477
- Timestamp:
- 2018-09-21T19:08:14+12:00 (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
main/trunk/greenstone3/build.xml
r32465 r32477 1646 1646 NOTE TO OBTAINING A TLS (SSL) CERTIFICATE FOR HTTPS 1647 1647 ********************************************************************* 1648 A certificate is needed for your GS server to serve pages over https.1648 A signed certificate is needed for your GS server to serve pages over https. 1649 1649 This target will attempt to obtain a certificate for you from the official and free Certificate Authority Let's Encrypt. 1650 However, a certificate can only be obtained if you have sudo permissions on this machine that you're installing Greenstone on.1650 However, a certificate can only be obtained if you have admin/sudo permissions on this machine that you're installing Greenstone on. 1651 1651 1652 1652 Note that: … … 1727 1727 <mkdir dir="${packages.home}/tomcat/webapps/ROOT/.well-known/acme-challenge"/> 1728 1728 <mkdir dir="${packages.home}/tomcat/conf/https_cert"/> 1729 1730 <!-- 1731 For Windows, Greenstone can generate the account and domain keys with the openSSL we compiled up ourselves 1732 and put on SVN (at GS3/bin/windows/openssl) rather than let ZeroSSL generate these keys for the user. 1733 Letting Greenstone generate the keys may be considered more trustworthy by the user than letting a 3rd 1734 party do so. See https://zerossl.com/usage.html#First_time_run_and_regular_use for OpenSSL commands 1735 If we don't generate the keys ourselves with our OpenSSL, then ZeroSSL will do so automatically in the 1736 call to le64/32.exe further below, as it's passed in the flag generate-missing. 1737 --> 1738 <!-- We generate the account key named "privkey.key" in ${packages.home}\tomcat\conf\https_cert --> 1739 <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}/openssl/bin" spawn="false"> 1740 <arg value="/c" /> 1741 <arg value="openssl.exe" /> 1742 <arg value="genrsa" /> 1743 <arg value="-out" /><arg value="${packages.home}\tomcat\conf\https_cert\privkey.key" /><arg value="4096" /> 1744 </exec> 1745 1746 <!-- Also generate the domain key (for csr-key parameter to zeroSSL's le.exe) 1747 ${packages.home}\tomcat\conf\https_cert\${tomcat.server}.key 1748 Using 2048 instead of 4096 bits for this. See https://zerossl.com/usage.html#First_time_run_and_regular_use 1749 --> 1750 <exec executable="cmd" osfamily="windows" dir="${basedir}/bin/${os.bin.dir}/openssl/bin" spawn="false"> 1751 <arg value="/c" /> 1752 <arg value="openssl.exe" /> 1753 <arg value="genrsa" /> 1754 <arg value="-out" /><arg value="${packages.home}\tomcat\conf\https_cert\${tomcat.server}.key" /><arg value="2048" /> 1755 </exec> 1729 1756 1730 1757 <!-- stop the included tomcat (also stopping derby and solr) -->
Note:
See TracChangeset
for help on using the changeset viewer.