498
edits
Changes
Jump to navigation
Jump to search
Line 103:
Line 103: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Talk:OCS Inventory Tools (view source)
Revision as of 16:24, 7 November 2007
, 16:24, 7 November 2007Future RPM
charlie said just make it ([http://bugs.contribs.org/show_bug.cgi?id=3464 as you now do]), so lets close opened bugs
charlie said just make it ([http://bugs.contribs.org/show_bug.cgi?id=3464 as you now do]), so lets close opened bugs
== Future RPM ==
===Next RPM version===
Quick sumarry of what will change on the next release... This is just suggestions, let's discuss about it!
====New Apache template====
As suggested by Stefen:
Content of '''''/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL10SSLCACertificateFile'''''
# OCS Inventory NG Certificate
{
if (-f '/home/e-smith/ssl.crt/cacert.pem')
{ $OUT = "SSLCACertificateFile /home/e-smith/ssl.crt/cacert.pem"; }
else
{ $OUT = "# File /home/e-smith/ssl.crt/cacert.pem not present, deployment will not be possible"; }
}
====Specification File====
I suggest adding following code in the '''''.spec''''' file in the '''%post''' section
if [ ! -e /home/e-smith/ssl.crt/cacert.pem ]; then
cp /home/e-smith/ssl.crt/$SRVNAME.$DOMAIN.crt /home/e-smith/ssl.crt/cacert.pem
fi
''$SRVNAME'' and ''$DOMAIN'' are already gathered with following code in the '''''.spec''''' file:
DOMAIN=$(/sbin/e-smith/db configuration get DomainName)
SRVNAME=$(/sbin/e-smith/db configuration get SystemName)
This way, if the certificate doesn't exist, it's "generated" by the RPM install and uses SME's one. This method should be safe...
Users can try using this one, and if it don't work, they can follow up your instructions with Shad's CACERT howto and replace the existing file!
By the way, I had some problem using the certificate untill I fixed DNS issues (I use NO-IP and this free service don't allow wildcards!)
This ends with some errors in Apache log file:
[warn] RSA server certificate CommonName (CN) `servername.mydomain.no-ip.com' does NOT match server name!?
Here's how I fixed my problem:
config setprop modSSL CommonName mydomain.no-ip.com # It would be www.mydomain.no-ip.com if NO-IP had allowed wildcards like dyndns services)
expand-template /home/e-smith/ssl.crt/crt 2> /dev/null
signal-event domain-modify
signal-event email-update
Cool34000
----