Q&A: How can I verify the SSO certificate of all SSO servers?


All systems that provide SSO must have the very same certificate. How can I check the local certificates?


You have to check the ucs-sso certificate on every system that provides SSO and compare them with each other. On the Master you can easily access all other UCS systems, retrieve the certificate and print the information needed to compare them.


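# Resolve every address behind the ucs-sso alias
for ip in $( host "ucs-sso.$(dnsdomainname)" | awk '{print $4}' ); do
	# Reverse-resolve the address to the host name of the system providing SSO
	for h in $( host "$ip" | sed -ne 's/.* //;s/.$//p' ); do
		echo "Checking Host: '$h'"
		# StrictHostKeyChecking=no: unknown host keys are accepted without prompting
		ssh -q "$h" -o StrictHostKeyChecking=no \
			openssl x509 -in "/etc/univention/ssl/ucs-sso.$(dnsdomainname)/cert.pem" -noout -text | \
			grep -Ei -A1 "(Version:|Key Identifier:)"
	done
done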
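
As an added example (not code from the original answer): instead of comparing the printed fields by eye, this script reduces each host's certificate to its SHA-256 fingerprint and reports any host that differs or returned no certificate. The function names and the `--live` switch are hypothetical, the sample hosts and fingerprints are constructed, and the live path assumes the hosts' SSH keys are already in `known_hosts`.

```sh
#!/bin/sh
# Added example: report SSO hosts whose ucs-sso certificate differs.

# Reads "host fingerprint" lines on stdin, prints the hosts grouped by
# fingerprint, and returns 0 only if every host presented the same one.
compare_fingerprints() {
	awk '
		NF == 0 { next }
		NF < 2  { bad = bad " " $1; next }   # ssh or openssl returned nothing
		{ hosts[$2] = hosts[$2] " " $1 }
		END {
			distinct = 0
			for (fp in hosts) { distinct++; print fp ":" hosts[fp] }
			if (bad != "") print "NO-CERT:" bad
			exit !(distinct == 1 && bad == "")
		}'
}

# Collects the lines from every host behind ucs-sso.<domain>, using the same
# lookups as the loop above. Only run with --live on a system with SSH access.
collect_fingerprints() {
	domain=$(dnsdomainname)
	for ip in $(host "ucs-sso.$domain" | awk '{print $4}'); do
		for h in $(host "$ip" | sed -ne 's/.* //;s/.$//p'); do
			fp=$(ssh -q "$h" openssl x509 -noout -fingerprint -sha256 \
				-in "/etc/univention/ssl/ucs-sso.$domain/cert.pem" | sed 's/.*=//')
			echo "$h $fp"
		done
	done
}

# Constructed sample (not real hosts or fingerprints): one host is out of sync.
sample_input() {
	printf '%s\n' \
		'master.example.test AA:11:22' \
		'backup.example.test BB:33:44' \
		'slave.example.test AA:11:22'
}

if [ "${1:-}" = "--live" ]; then
	collect_fingerprints | compare_fingerprints
else
	sample_input | compare_fingerprints || echo "certificates differ"
fi
```

The exit status is non-zero when more than one fingerprint is seen, when a host returned no certificate, or when no host was found, so the script can be used from a monitoring check.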