Difference between revisions of "Certificate"
m |
|||
Line 72: | Line 72: | ||
''Dietmar Berteld (berdie)'' | ''Dietmar Berteld (berdie)'' | ||
− | |||
− | |||
− | |||
− | |||
− |
Revision as of 11:06, 24 April 2007
Custom Certificate for SME 7.x
Maintainer
Dietmar Berteld
mailto:dietmar@berteld.com
This RPM is based on Nick Critton's great howto. Thanks a lot Nick for your brillant work!
Description
With this RPM-package you can simply set up a new SSL certificate on your SME7 server with a custom Common Name. When installing SME Server, you get a default certificate with the information http://www.xyzcorp.xxx/ and XYZ Corporation. With this package, the certificate information will be updated with the following informations:
- FQDN (Full Qualified Domain Name), which is SystemName.DomainName', e.g. home.myserver.com
- City, which depends on your given info in server manager's directory section
- Company, which depends on your given info in server manager's directory section
- Department, which depends on your given info in server manager's directory section
- E-Mail, which is admin@FQDN
The default length of time for this certificate is 365 days.
Download
You can download this package at smeserver-certificate . If you would like to save it directly on your SME Server, you should give this command at a linux-prompt
wget http://sudemo.info/sme/sme7/config/smeserver-certificate-1.0-1.noarch.rpm
Installation and Uninstall
For installation just hit the following command
yum localinstall smeserver-certificate-1.0-1.noarch.rpm
For uninstall just hit the following command
yum remove smeserver-certificate
You can ignore the yum-comments signal event post-upgrade and signal-event reboot.
Use
The package installs a custom template in
/etc/e-smith/templates-custom/home/e-smith/ssl.crt
With the Custom Template installed the cert will be rebuilt if:
- $defaultCity
- $defaultCompany
- $defaultDepartment
- $domainName
are changed.
So normally you don't have to do nothing in addition.
Tips
To change the length of time before a certificate expires, change Line 2 of the ssl.crt script
use constant KEYLIFEINDAYS => 365;
Change 365 to the number of days to expire by (2Years = 730, 3Years = 1095, etc.)
use constant KEYLIFEINDAYS => 730;
You can change your desired Common Name (FQDN) in line 12. For doing this, change the default info
my $CommonName = $FQDN;
to your desired name
my $CommonName = special.myserver.com;
After changing your infos, you have to update your certificate manually with
signal-event domain-modify signal-event email-update
Additional information
For additional information see this thread.
Have much fun with your own certificate !
Dietmar Berteld (berdie)