Hello Supporter,
Hopefully someone can help me with this failure, which has been happening since yesterday. If I want to log in to the web-based settings, I get the following message:
“Interner Server-Fehler: Der Dienst ist momentan nicht erreichbar!
Konnte nicht zum LDAP-Dienst verbinden.
Fehlermeldung: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (certificate has expired)”
Is there an easy way to renew this certificate? Keep in mind that sending and receiving mail isn't possible either.
I just had that same exact issue. The solution I used was to launch a browser (in my case, Microsoft Edge) which is insecure/ignores Certificate validation and then update your certificate via the Management console.
Also, if you use the Univention LetsEncrypt app, you can update your other servers’ certificates from a single host if it has a valid cert.
Hello Rudi,
Thx for your feedback! I think we don't really have the same topic, because I can't get in if I ignore this message by pressing OK. I can't get into the management console. This topic came up because I couldn't receive and send mails. Therefore I want to log in to the management console. The server certificate needs to be updated, but how?! This is the message which I get. Hopefully you can give me more details on how you fixed this:
Renewing the certificates is the right thing to do, but you linked the How-To on extending the CA certificate.
The right article is this one: Renewing the complete SSL certificate chain
Thx a lot for the workaround! I created a new private certificate based on that and it works, but now I am stuck on getting the “DC Slave Hosts”. With which command can this information be shown? I don't know, sorry.
I couldn’t either, unless I used a less-secure browser like Microsoft Edge which allowed me to ignore the expired certificate. I’m not sure which browser you’re using in your screenshots, however I explained in my first post why Edge was my solution
Thanks for the feedback regarding renewing the certificate. Sorry, but I wasn’t successful with the instructions! But I found an easy way to renew the certificate via the web app interface, as follows:
1.) Start the web interface of the server and log in to the module “System und Domäneneinstellungen”
2.) Go to “System”; the submenu shows “Zertifikats Einstellungen”
3.)
4.) Under the general settings, change the ID (changing only one letter or number is enough) and save this with “Änderungen übernehmen”. Now the server will create a new certificate, which will be applicable directly.
5.)
6.) Please keep in mind that this is only possible if the “old” certificate, valid for 5 years, isn’t past its expiry date.
Hope this helps somebody!
I have recreated the CA as described in the link. What I noticed is that on this system (UCS 4) there is no folder for ucs-sso.[domain] in the path /etc/univention/ssl.
On a UCS5 there is this directory. Is this relevant?
root@tux:/etc/univention/ssl# eval "$(ucr shell domainname)"
root@tux:/etc/univention/ssl# install -o root -g samlcgi -m 0644 /etc/univention/ssl/"ucs-sso.${domainname}"/cert.pem /etc/simplesamlphp/"ucs-sso.${domainname}-idp-certificate.crt"
install: der Aufruf von stat für '/etc/univention/ssl/ucs-sso.dawa.lan/cert.pem' ist nicht möglich: Datei oder Verzeichnis nicht gefunden
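
A check like the following reports which certificates under a directory such as /etc/univention/ssl are missing, unreadable, expired or close to expiry, so that a failure like the one in this thread is seen before services stop working. It is an added example, not part of the thread or of Univention's tooling; it assumes the openssl CLI is installed and the `<dir>/<name>/cert.pem` layout seen in the path above, and `cert_status` and `scan_ssl_dir` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: report certificate validity under an SSL directory.
# Assumed layout (taken from the path in the post): <dir>/<name>/cert.pem
# cert_status and scan_ssl_dir are hypothetical helper names.

# cert_status FILE [DAYS] -> prints missing | unreadable | expired | expiring | ok
cert_status() {
    cert=$1
    days=${2:-30}
    [ -f "$cert" ] || { echo missing; return 0; }
    # A file that does not parse as X.509 must not be reported as "expired".
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# scan_ssl_dir DIR [DAYS] -> one line per certificate; returns 1 if any is not ok
scan_ssl_dir() {
    dir=$1
    days=${2:-30}
    rc=0
    for cert in "$dir"/*/cert.pem; do
        [ -e "$cert" ] || continue   # glob matched nothing
        status=$(cert_status "$cert" "$days")
        end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || end="notAfter=unknown"
        printf '%-10s %s (%s)\n' "$status" "$cert" "${end#notAfter=}"
        [ "$status" = ok ] || rc=1
    done
    return "$rc"
}

# Run only when a directory is given, e.g.: sh certcheck.sh /etc/univention/ssl 30
if [ "$#" -gt 0 ]; then
    scan_ssl_dir "$@"
fi
```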