Difference between revisions of "Certificate"
Unnilennium (talk | contribs) |
(→Use) |
||
| Line 40: | Line 40: | ||
are changed. | are changed. | ||
| − | So normally you don't have to do | + | So normally you don't have to do anything in addition. |
==Tips== | ==Tips== | ||
Revision as of 10:14, 29 April 2008
Custom Certificate for SME 7.x
Maintainer
Dietmar Berteld
mailto:dietmar@berteld.com
This RPM is based on Nick Critten's great howto. Thanks a lot Nick for your brillant work!
Description
With this RPM-package you can simply set up a new SSL certificate on your SME7 server with a custom Common Name. When installing SME Server, you get a default certificate with the information http://www.xyzcorp.xxx/ and XYZ Corporation. With this package, the certificate information will be updated with the following information:
- FQDN (Full Qualified Domain Name), which is SystemName.DomainName', e.g. home.myserver.com
- City, which depends on your given info in server manager's directory section
- Company, which depends on your given info in server manager's directory section
- Department, which depends on your given info in server manager's directory section
- E-Mail, which is admin@FQDN
The default length of time for this certificate is 365 days.
Download
You can download this package at smeserver-certificate . If you would like to save it directly on your SME Server, you should give this command at a linux-prompt
wget http://mirror.contribs.org/smeserver/contribs/dberteld/certificate/smeserver-certificate-1.0-1.noarch.rpm
Installation and Uninstall
For installation just hit the following command
yum localinstall smeserver-certificate-1.0-1.noarch.rpm
For uninstall just hit the following command
yum remove smeserver-certificate
You can ignore the yum-comments signal event post-upgrade and signal-event reboot.
Use
The package installs a custom template in
/etc/e-smith/templates-custom/home/e-smith/ssl.crt
With the Custom Template installed the cert will be rebuilt if:
- $defaultCity
- $defaultCompany
- $defaultDepartment
- $domainName
are changed.
So normally you don't have to do anything in addition.
Tips
To change the length of time before a certificate expires, change Line 2 of the ssl.crt script
use constant KEYLIFEINDAYS => 365;
Change 365 to the number of days to expire by (2Years = 730, 3Years = 1095, etc.)
use constant KEYLIFEINDAYS => 730;
You can change your desired Common Name (FQDN) in line 12. For doing this, change the default info
my $CommonName = $FQDN;
to your desired name
my $CommonName = "special.myserver.com";
After changing your infos, you have to update your certificate manually with
signal-event domain-modify signal-event email-update
Additional information
For additional information see this thread.
Have much fun with your own certificate !
Dietmar Berteld (berdie)
Custom Certificate for SME 7.1.3 and above
you only need to do this as the functionality has been added into the main SME packages:
config setprop modSSL CommonName www.domain.com expand-template /home/e-smith/ssl.crt/crt expand-template /home/e-smith/ssl.key/key signal-event domain-modify signal-event email-update
Unnilennium
