From: Steve Sheppard Date: Tue, 23 Nov 2010 17:11:48 +0000 (-0500) Subject: add info on installing and configuring public key certificate systems; X-Git-Tag: sprint4-merge-nov22~4203^2~282 X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=9ec8a65e8c9478594ed4f06de4fbb34eeb56dc27;p=working%2FEvergreen.git add info on installing and configuring public key certificate systems; --- diff --git a/1.6/admin/serversideinstallation.xml b/1.6/admin/serversideinstallation.xml index 7ea420ee05..20adc19fb8 100644 --- a/1.6/admin/serversideinstallation.xml +++ b/1.6/admin/serversideinstallation.xml @@ -672,7 +672,7 @@ math service: /openils/bin/srfsh - srfsh# request opensrf.math add 2 2 + srfsh# request opensrf.math add 2 2 Received Data: 4 ------------------------------------ Request Completed Successfully @@ -981,8 +981,8 @@ following commands: cd /openils/conf - cp opensrf.xml opensrf.xml.BAK - cp opensrf_core.xml opensrf_core.xml.BAK + cp opensrf.xml opensrf.xml.BAK + cp opensrf_core.xml opensrf_core.xml.BAK cp opensrf.xml.example opensrf.xml cp opensrf_core.xml.example opensrf_core.xml cp oils_web.xml.example oils_web.xml @@ -1116,7 +1116,7 @@ user, perform the following commands: cd /home/opensrf/Evergreen-ILS-1.6.1.2 - cp Open-ILS/examples/apache/eg.conf /etc/apache2/sites-available/ + cp Open-ILS/examples/apache/eg.conf /etc/apache2/sites-available/ cp Open-ILS/examples/apache/eg_vhost.conf /etc/apache2/ cp Open-ILS/examples/apache/startup.pl /etc/apache2/ @@ -1234,8 +1234,7 @@ changes increase the number of Apache server processes that are started to support additional browser connections. - As the root user, edit the + As the root user, edit the Apache configuration file /etc/apache2/apache2.conf, locate and modify the section related to @@ -1243,10 +1242,10 @@ the load on your system: - StartServers 20 - MinSpareServers 5 - MaxSpareServers 15 - MaxClients 150 + StartServers 20 + MinSpareServers 5 + MaxSpareServers 15 + MaxClients 150 MaxRequestsPerChild 10000 ]]> @@ -1489,7 +1488,6 @@ expected. Testing Connections to Evergreen - Once you have installed and started Evergreen, test your connection to Evergreen. Start the srfsh application and try logging onto the Evergreen server using the default administrator username and password. Following is sample output generated by executing @@ -1579,10 +1577,19 @@ Configure a permanent SSL key In a previous step (see ) you used the command openssl to temporarily - create a new SSL key for the Apache server. This self-signed certificate was adequate + create a new SSL key for the Apache server. This self-signed security certificate was adequate during testing and development, but will continue to generate warnings in the Staff Client and browser. For a public production server you should configure or purchase a signed SSL certificate. + There are several open source software solutions that provide schemes to generate and + maintain public key security certificates for your library system. Some popular projects are + listed below; please review them for background information on why you need such a system and how + you can provide it: + + http://www.openca.org/projects/openca/ + http://sourceforge.net/projects/ejbca/ + http://pki.fedoraproject.org + The temporary SSL key was only created to expedite