Univention Corporate Server (UCS) » SSL certificates

ID #1382

How to create an UCS-CA signed certificate for a non-UCS system within domain

Produktlogo UCS Version 4.x


Sometimes it's neccessary to also create signed certificates for non-UCS systems in a domain. This also becomes more common and also more needed due to communication is often SSL encrypted nowadays.

For such purposes UCS comes with a propriate command set which makes it easy to fullfil the task.

The following command creates a signed certificate for the given server FQDN:
root@ucs-master:~# univention-certificate new -name "another-server.$(dnsdomainname)"
Creating certificate: another-server.my-domain.local
no certificate for another-server.my-domain.local registered
Generating RSA private key, 2048 bit long modulus
..................................+++
.........+++
e is 65537 (0x10001)
Using configuration from /etc/univention/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName           :PRINTABLE:'DE'
stateOrProvinceName   :PRINTABLE:'DE'
localityName          :PRINTABLE:'DE'
organizationName      :PRINTABLE:'My Company'
organizationalUnitName:PRINTABLE:'Univention Corporate Server'
commonName            :PRINTABLE:'another-server.my-domain.local'
emailAddress          :IA5STRING:'ssl@my-domain.local'
Certificate is to be certified until Mar 26 11:21:57 2022 GMT (1825 days)

Write out database with 1 new entries
Data Base Updated

You will find all related files in the newly created folder according to your FQDN within path '/etc/univention/ssl' (eg. '/etc/univention/ssl/another-server.my-domain.local'). All what's left to do is to copy them to the appropriate location on the foreign system:

scp /etc/univention/ssl/another-server.$(dnsdomainname)/*.pem root@another-server.$(dnsdomainname):/etc/ssl/another-server/
scp /etc/univention/ssl/another-server.$(dnsdomainname)/*.key root@another-server.$(dnsdomainname):/etc/ssl/private/another-server.key

Tags: certificate, certificates, foreign, RootCA, sign

Related entries:

Last update: 2017-03-28 14:43
Author: Nico Stöckigt
Revision: 1.1

Digg it! Share on Facebook Print this record Send FAQ to a friend Show this as PDF file
Please rate this FAQ:

Average rating: 0 (0 Votes)

completely useless 1 2 3 4 5 most valuable

You cannot comment on this entry