Serveral switches on my internal network need their own certificates issued and the corresponding pem files uploaded to properly support https for their management GUI. As my infrastructure can not be reached/verified from the internet, LetsEncrypt is no viable solution. The facilitation of the internal CA of the UCS server looks intriguing…
First of all - thanks for all the great “cool solutions”, there’s a lot to discover and the solutions are really straight from the field!
I installed the usercert/windowscert solution. This gives me a GUI to manage user and computer certificates. Unfortunately, the “windowscert” part is rather narrow in scope and really only does what it says on the lid - issue certificates for computers that are of type “Windows Workstation/Server”. For a computer of type “ip managed client” (which I guess is the closest to my situation), the necessary parts of the GUI are not even shown.
Real World Example
Primary (and only) Domain Controller:
DNS name of switch:
IP address of switch:
- Is there a way to make the desired certificate handling work within UMC? Perhaps a trick or workaround (e.g. make pretend the switch is a windows pc …)?
- By any chance, are there readymade shell scripts/programs by Univention that access the “well known” parts of the ucs infrastructure to produce certificates? All the defaults are stored in the UCR, so some “situation aware” script could simplify the command line handling of certificate creation quite effectively…
- If anything else fails, are there any other leads for me, any links or well documented (support) cases where the task was comparable and I could latch on to the solution and bend it to my needs?