Difference between revisions of "Certificate"

From SME Server
Jump to navigationJump to search
Line 40: Line 40:
 
are changed.  
 
are changed.  
  
So normally you don't have to do nothing in addition.
+
So normally you don't have to do anything in addition.
  
 
==Tips==
 
==Tips==

Revision as of 09:14, 29 April 2008


Custom Certificate for SME 7.x

Maintainer

Dietmar Berteld
mailto:dietmar@berteld.com

This RPM is based on Nick Critten's great howto. Thanks a lot Nick for your brillant work!

Description

With this RPM-package you can simply set up a new SSL certificate on your SME7 server with a custom Common Name. When installing SME Server, you get a default certificate with the information http://www.xyzcorp.xxx/ and XYZ Corporation. With this package, the certificate information will be updated with the following information:

  • FQDN (Full Qualified Domain Name), which is SystemName.DomainName', e.g. home.myserver.com
  • City, which depends on your given info in server manager's directory section
  • Company, which depends on your given info in server manager's directory section
  • Department, which depends on your given info in server manager's directory section
  • E-Mail, which is admin@FQDN

The default length of time for this certificate is 365 days.

Download

You can download this package at smeserver-certificate . If you would like to save it directly on your SME Server, you should give this command at a linux-prompt

wget http://mirror.contribs.org/smeserver/contribs/dberteld/certificate/smeserver-certificate-1.0-1.noarch.rpm

Installation and Uninstall

For installation just hit the following command

yum localinstall smeserver-certificate-1.0-1.noarch.rpm 

For uninstall just hit the following command

yum remove smeserver-certificate

You can ignore the yum-comments signal event post-upgrade and signal-event reboot.

Use

The package installs a custom template in

/etc/e-smith/templates-custom/home/e-smith/ssl.crt 

With the Custom Template installed the cert will be rebuilt if:

  • $defaultCity
  • $defaultCompany
  • $defaultDepartment
  • $domainName

are changed.

So normally you don't have to do anything in addition.

Tips

To change the length of time before a certificate expires, change Line 2 of the ssl.crt script

use constant KEYLIFEINDAYS => 365;

Change 365 to the number of days to expire by (2Years = 730, 3Years = 1095, etc.)

use constant KEYLIFEINDAYS => 730;

You can change your desired Common Name (FQDN) in line 12. For doing this, change the default info

my $CommonName = $FQDN;

to your desired name

my $CommonName = "special.myserver.com";


After changing your infos, you have to update your certificate manually with

signal-event domain-modify
signal-event email-update 


Additional information

For additional information see this thread.


Have much fun with your own certificate !

Dietmar Berteld (berdie)

Custom Certificate for SME 7.1.3 and above

you only need to do this as the functionality has been added into the main SME packages:

config setprop modSSL CommonName www.domain.com
expand-template /home/e-smith/ssl.crt/crt
expand-template /home/e-smith/ssl.key/key
signal-event domain-modify
signal-event email-update 

see [1] and [2]

Unnilennium