Difference between revisions of "Certificate"
m (Please do not sign, credits/modifications can be reviewed thruogh the history pages.) |
m |
||
Line 80: | Line 80: | ||
---- | ---- | ||
[[Category: Contrib]] | [[Category: Contrib]] | ||
+ | [[Category:Administration:Certificates]] |
Revision as of 15:36, 10 May 2010
Custom Certificate for SME 7.x
Maintainer
Dietmar Berteld
mailto:dietmar@berteld.com
This RPM is based on Nick Critten's great howto. Thanks a lot Nick for your brillant work!
Description
With this RPM-package you can simply set up a new SSL certificate on your SME7 server with a custom Common Name. When installing SME Server, you get a default certificate with the information http://www.xyzcorp.xxx/ and XYZ Corporation. With this package, the certificate information will be updated with the following information:
- FQDN (Full Qualified Domain Name), which is SystemName.DomainName', e.g. home.myserver.com
- City, which depends on your given info in server manager's directory section
- Company, which depends on your given info in server manager's directory section
- Department, which depends on your given info in server manager's directory section
- E-Mail, which is admin@FQDN
The default length of time for this certificate is 365 days.
Download
You can download this package at smeserver-certificate . If you would like to save it directly on your SME Server, you should give this command at a linux-prompt
wget http://mirror.contribs.org/smeserver/contribs/dberteld/certificate/smeserver-certificate-1.0-1.noarch.rpm
Installation and Uninstall
For installation just enter the following command
yum localinstall smeserver-certificate-1.0-1.noarch.rpm
For uninstall just enter the following command
yum remove smeserver-certificate
You can ignore the yum-comments signal event post-upgrade and signal-event reboot.
Use
The package installs a custom template in
/etc/e-smith/templates-custom/home/e-smith/ssl.crt
With the Custom Template installed the cert will be rebuilt if:
- $defaultCity
- $defaultCompany
- $defaultDepartment
- $domainName
are changed.
So normally you don't have to do anything in addition.
Tips
To change the length of time before a certificate expires, change Line 2 of the ssl.crt script
use constant KEYLIFEINDAYS => 365;
Change 365 to the number of days to expire by (2Years = 730, 3Years = 1095, etc.)
use constant KEYLIFEINDAYS => 730;
You can change your desired Common Name (FQDN) in line 12. For doing this, change the default info
my $CommonName = $FQDN;
to your desired name
my $CommonName = "special.myserver.com";
After changing your infos, you have to update your certificate manually with
signal-event domain-modify signal-event email-update
Additional information
For additional information see this thread.
Custom Certificate for SME 7.1.3 and above
you only need to do this as the functionality has been added into the main SME packages:
config setprop modSSL CommonName www.domain.com expand-template /home/e-smith/ssl.crt/crt expand-template /home/e-smith/ssl.key/key signal-event domain-modify signal-event email-update
Unnilennium