Changes

From SME Server
Jump to navigationJump to search

Certificates Concepts (view source)

Revision as of 07:41, 3 February 2009

1,056 bytes added ,  07:41, 3 February 2009
Added commands to change certificate validity period
Line 29: Line 29:     
There is a mechanism (custom-templates) to specify how long your sme certificate will last for, eg you can change the validity to say 5 years (instead of 1 yr), if you feel that security model is acceptable, and that will save users from having to reinstall the sme certificate into their browsers every year eg they will be asked again to install it in 5 years (or less) depending when they first installed it.
 
There is a mechanism (custom-templates) to specify how long your sme certificate will last for, eg you can change the validity to say 5 years (instead of 1 yr), if you feel that security model is acceptable, and that will save users from having to reinstall the sme certificate into their browsers every year eg they will be asked again to install it in 5 years (or less) depending when they first installed it.
 +
 +
See /etc/e-smith/templates/home/e-smith/ssl.crt
 +
 +
Copy that fragment from the templates tree to the templates-custom tree
 +
 +
Do
 +
cp /etc/e-smith/templates/home/e-smith/ssl.crt /etc/e-smith/templates-custom/home/e-smith/ssl.crt
 +
then do
 +
pico -w /etc/e-smith/templates-custom/home/e-smith/ssl.crt
 +
and change the value for KEYLIFEINDAYS
 +
on the first line to say 1826 for 5 years.
 +
 +
To to save & exit press the following keys at the same time
 +
ctrl o
 +
ctrl x
 +
 +
Then you need to force sme server to immediately create a new self signed certificate (with the longer validity period) by issuing the following commands. Note to replace the filenames with the correct file/key names applicable to your server.
 +
rm /home/e-smith/ssl.crt/servername.domain.com.crt
 +
rm /home/e-smith/ssl.key/servername.domain.com.key
 +
rm /home/e-smith/ssl.pem/servername.domain.com.pem
 +
signal-event post-upgrade
 +
signal-event reboot
 +
 +
Then add the new 5 year certificate to your browser, and no more questions from your browser until five years time when the certificate validity expires.
    
=====Problem with email client=====
 
=====Problem with email client=====
RayMitchell
624

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/12248"

Navigation menu