Sometimes it’s necessary to create signed certificates for non-UCS systems in a domain as well. This need is becoming more common because communication is often SSL encrypted nowadays.
For such purposes UCS comes with an appropriate command set which makes it easy to fulfil the task.
The following command creates a signed certificate for the given server FQDN:
root@ucs-master:~# univention-certificate new -name "another-server.$(dnsdomainname)"
Creating certificate: another-server.my-domain.local
no certificate for another-server.my-domain.local registered
Generating RSA private key, 2048 bit long modulus
..................................+++
.........+++
e is 65537 (0x10001)
Using configuration from /etc/univention/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'DE'
localityName :PRINTABLE:'DE'
organizationName :PRINTABLE:'My Company'
organizationalUnitName:PRINTABLE:'Univention Corporate Server'
commonName :PRINTABLE:'another-server.my-domain.local'
emailAddress :IA5STRING:'firstname.lastname@example.org'
Certificate is to be certified until Mar 26 11:21:57 2022 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
You will find all related files in a newly created folder named after your FQDN below ‘/etc/univention/ssl’ (e.g. ‘/etc/univention/ssl/another-server.my-domain.local’). All that’s left to do is to copy them to the appropriate location on the foreign system:
scp /etc/univention/ssl/another-server.$(dnsdomainname)/*.pem root@another-server.$(dnsdomainname):/etc/ssl/another-server/
scp /etc/univention/ssl/another-server.$(dnsdomainname)/*.key root@another-server.$(dnsdomainname):/etc/ssl/private/another-server.key
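
A check that can be run on the master before copying, or on the foreign system afterwards, to confirm that the certificate chains to the domain CA, that the key belongs to it, and that the key is not readable by other users. This is an added example, not part of the original article or of UCS; the function name `check_cert_bundle` is hypothetical, and the file names `ucsCA/CAcert.pem`, `cert.pem` and `private.key` in the comments are assumptions about the UCS directory layout.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check a certificate
# bundle before or after copying it to the non-UCS host.
# Usage: check_cert_bundle CA_CERT CERT KEY FQDN
# Assumed UCS file names, e.g. on the master:
#   CA_CERT=/etc/univention/ssl/ucsCA/CAcert.pem
#   CERT=/etc/univention/ssl/<fqdn>/cert.pem  KEY=/etc/univention/ssl/<fqdn>/private.key
# Return codes: 0 ok, 1 not signed by CA, 2 key/cert mismatch,
#               3 commonName differs from FQDN, 4 key readable by group/others
check_cert_bundle() {
    ca=$1; cert=$2; key=$3; fqdn=$4

    # 1. The certificate must chain to the domain CA.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert is not signed by $ca" >&2; return 1
    fi

    # 2. The private key must belong to the certificate: compare public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; return 2
    fi

    # 3. The commonName must be the FQDN clients will connect to.
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$fqdn" ]; then
        echo "FAIL: commonName '$cn' is not '$fqdn'" >&2; return 3
    fi

    # 4. Only the owner may read the private key (mode 0600 or stricter).
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others" >&2; return 4
    fi
    echo "OK: $cert ($cn)"
}

# Run the check when the script is called with the four arguments.
if [ "$#" -eq 4 ]; then check_cert_bundle "$@"; fi
```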