Updated the README for the cluster setup stuff with David's suggestions.

cfe-lab · Jul 8, 2024 · 7e76368 · 7e76368
1 parent 78def9e
commit 7e76368
Showing 1 changed file with 17 additions and 2 deletions.
diff --git a/cluster-setup/README.md b/cluster-setup/README.md
@@ -186,10 +186,25 @@ These must be acquired securely from IT or within the software group, and placed
 
 The files needed are:
 
-* `star_cfe_chained.crt`: the chained SSL certificate issued by DigiCert, which certifies that this server
-  belongs to the `cfenet.ubc.ca` or `bccfe.ca` domain.
+* `star_cfe_chained.crt`: the chained SSL certificate; and
 * `star_cfe.key`: our private signing key, used to issue a public key for HTTPS connections.
 
+The chained SSL certificate `star_cfe_chained.crt` is made up of three things:
+
+* The wildcard certificate issued by DigiCert, which certifies that this server belongs to the 
+  `cfenet.ubc.ca` or `bccfe.ca` domain.
+* The intermediate certificate/certificate signing request (CSR).
+* The root certificate.
+
+For example, if the wildcard certificate is named `star_cfe.crt` (this is what we called it in the past),
+the intermediate certificate is named `intermediate.csr`, and the root certificate is named
+`DigiCertCA.crt` (this is what we called it in the past), the chained SSL certificate would be 
+generated by executing
+
+    cat star_cfe.crt intermediate.csr DigiCertCA.crt > star_cfe_chained.crt.
+
+The chained certificate can be verified with `openssl verify star_cfe_chained.crt`.
+
 These will then be used in the next step to configure Apache.
 
 ### Set up network drives