Hello there,
Because of soon expiring SSL host certificate I try to renew it using this HowTo:
I have processed all the steps without error messages until the point " SAML SSO".
The line
ucr set umc/saml/idp-server="https://${ucs_server_sso_fqdn}/simplesamlphp/saml2/idp/metadata.php" || echo 'Failed!'
throw a lot of text like
Setting umc/saml/idp-server
Module: setup_saml_sp
Try to download idp metadata (1/60)
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:–:-- --:–:-- --:–:-- 0
curl: (60) SSL certificate problem: self signed certificate in certificate chain
for 1/60 to 60/60
and ending with
[ ok ] Reloading univention-management-console-web-server configuration (via systemctl): univention-management-console-web-server.service.
Multifile: /etc/pam.d/univention-management-console
File: /etc/ldap/sasl2/slapd.conf
Could not download IDP metadata for https://ucs-sso.[MyDomain]/simplesamlphp/saml2/idp/metadata.php
Failed!
Now I face a lot of problems:
If I start the UMC on the server, Firefox says SEC_ERROR_BAD_SIGNATURE
From a client UMC starts but if I try to login to the Domainsettings there is this error message:
Konnte nicht zum LDAP-Dienst verbinden.
Fehlermeldung: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed (self signed certificate in certificate chain)
My E-Mail-Client (Thunderbird) won’t connect to the Mailserver due to certificate error…
Can’t connect to the Nextcloud…
There seems to be a serios problem with the new certificate and even after hours of searching and trying I stuck with this.
What can I do to correct it?
Any helping hand would be appreciated…