Hello,
I already my own PKI setup; can I use my own root CA for UCS? My naive expectation is to replace CAcert.pem
and CAcert.key (under /etc/univention/ssl/) by my version, and re-generate the existing certs. Is it going to work?
thanks in advance for any hint
I answer my own question, in case someone might need it:
(1) replace these files by my own version (in my case I had already another UCS master):
/etc/univention/ssl/password
/etc/univention/ssl/ucsCA/CAcert.pem
/etc/univention/ssl/ucsCA/private/CAkey.pem
(2) re-create the certs:
eval "$(ucr shell)"
cd /etc/univention/ssl
for i in *".$domainname"; do univention-certificate renew -name "$i" -days "$(ucr get ssl/default/days)"; done