Sometimes it's necessary to also create signed certificates for non-UCS systems in a domain. This is becoming more common and more necessary, because communication is often SSL encrypted nowadays.
For such purposes UCS comes with an appropriate command set which makes it easy to fulfil the task.
The following command creates a signed certificate for the given server FQDN:
root@ucs-master:~# univention-certificate new -name "another-server.$(dnsdomainname)"
Creating certificate: another-server.my-domain.local
no certificate for another-server.my-domain.local registered
Generating RSA private key, 2048 bit long modulus
..................................+++
.........+++
e is 65537 (0x10001)
Using configuration from /etc/univention/ssl/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'DE'
stateOrProvinceName :PRINTABLE:'DE'
localityName :PRINTABLE:'DE'
organizationName :PRINTABLE:'My Company'
organizationalUnitName:PRINTABLE:'Univention Corporate Server'
commonName :PRINTABLE:'another-server.my-domain.local'
emailAddress :IA5STRING:'ssl@my-domain.local'
Certificate is to be certified until Mar 26 11:21:57 2022 GMT (1825 days)
Write out database with 1 new entries
Data Base Updated
You will find all related files in a newly created folder named after the FQDN under '/etc/univention/ssl' (e.g. '/etc/univention/ssl/another-server.my-domain.local'). All that is left to do is to copy them to the appropriate location on the foreign system:
scp /etc/univention/ssl/another-server.$(dnsdomainname)/*.pem root@another-server.$(dnsdomainname):/etc/ssl/another-server/
scp /etc/univention/ssl/another-server.$(dnsdomainname)/*.key root@another-server.$(dnsdomainname):/etc/ssl/private/another-server.key
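Before copying, it is worth confirming that the folder holds a matching key pair, that the certificate chains to the CA the clients trust, and that the private key is not readable by other users. The function below is an added example, not part of UCS or of the original article; it assumes the folder contains cert.pem and private.key and that the UCS root CA certificate is at /etc/univention/ssl/ucsCA/CAcert.pem (pass a different path if yours differs).

```shell
#!/bin/sh
# Added example: pre-deployment check for a folder created by
# univention-certificate. File names cert.pem / private.key are assumptions.
# Return codes: 0 ok, 2 file missing, 3 key/cert mismatch,
#               4 not signed by the given CA, 5 key readable by group/others.
check_cert_bundle() {
    ccb_dir=$1
    ccb_ca=$2
    ccb_cert="$ccb_dir/cert.pem"
    ccb_key="$ccb_dir/private.key"

    if [ ! -r "$ccb_cert" ] || [ ! -r "$ccb_key" ] || [ ! -r "$ccb_ca" ]; then
        echo "missing certificate, key or CA file" >&2
        return 2
    fi

    # The public key embedded in the certificate must equal the one derived
    # from the private key, otherwise the pair cannot be used together.
    ccb_pub_cert=$(openssl x509 -in "$ccb_cert" -noout -pubkey 2>/dev/null)
    ccb_pub_key=$(openssl pkey -in "$ccb_key" -pubout 2>/dev/null)
    if [ -z "$ccb_pub_cert" ] || [ "$ccb_pub_cert" != "$ccb_pub_key" ]; then
        echo "private key does not belong to the certificate" >&2
        return 3
    fi

    # The certificate must chain to the CA that clients are told to trust.
    # Match the "OK" line instead of relying only on the exit status.
    if ! openssl verify -CAfile "$ccb_ca" "$ccb_cert" 2>/dev/null \
            | grep -q ': OK$'; then
        echo "certificate is not signed by $ccb_ca" >&2
        return 4
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # a private key should show none of them set (e.g. mode 600).
    ccb_mode=$(ls -lL "$ccb_key" | cut -c5-10)
    if [ "$ccb_mode" != "------" ]; then
        echo "private key is accessible to group or others" >&2
        return 5
    fi

    echo "bundle ok: $ccb_dir"
    return 0
}
```

On the master this would be called as check_cert_bundle "/etc/univention/ssl/another-server.$(dnsdomainname)" /etc/univention/ssl/ucsCA/CAcert.pem; the permission check is just as relevant for the copied key under /etc/ssl/private on the target system.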