Question about Root Certificate Renewal

Hello UCS members! I have a question about an article I am following:

My question concerns this part:

Copy the new certificates

Copying of the new root certificate and client certificates onto the other computer systems (each UCS/UCC system except DC backups - here using ucs-slave as an example computer)

```
eval "$(ucr shell domainname)"
cd /etc/univention/ssl/
# next step is only needed if root cert is also renewed
scp ucsCA/CAcert.pem root@ucs-slave:/etc/univention/ssl/ucsCA/
rsync -a "ucs-slave.${domainname}" root@ucs-slave:/etc/univention/ssl/
```

  1. Here it mentions DC backup and slave. My understanding is that a ucs-slave and a DC backup are the same thing. It states that this does not have to be run on a DC backup but in the example it uses ucs-slave. Is a slave a backup DC or just a host server?

  2. Do these commands have to be run from the DC or from the target host where you want to copy the certificate to?

  3. Is the ‘ucs-slave’ example computer mentioned here supposed to be replaced by the target host name where you want the certificate copied to?

ad 1: DC backup and ucs-slave are different, as a dc-backup is a writeable domain controller where a ucs-slave does not have an LDAP sync.

ad 2: Yes, the command has to be executed from the primary DC.

ad 3: Yes, ucs-slave is a synonym; you have to replace it with your real UCS slave server name.

P.S. You don't have to execute it for the dc-backup hosts, as they get the certs per rsync from the primary DC.

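A check that fits around the copy step quoted in the question, added here as an example (it is not from the Univention article or from either poster): it confirms that a host's certificate was actually issued by the CA certificate being distributed, and prints the CA fingerprint so the copy on the target can be compared with the one on the primary. The function names are hypothetical, and the path `<fqdn>/cert.pem` inside the SSL directory is an assumption not stated on this page.

```shell
#!/usr/bin/env bash
# Added example, not from the Univention article or the posters.
# Assumption: the host certificate is <ssl_dir>/<fqdn>/cert.pem.

# SHA-256 fingerprint of a PEM certificate, for comparing the copy on the
# primary with the copy that arrived on the target system.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeeds only if CERT_PEM chains to CA_PEM. -no-CApath (OpenSSL >= 1.1.0)
# stops the default trust directory from being consulted; on OpenSSL 3 the
# -no-CAstore option does the same for the default certificate store.
chains_to_ca() {    # usage: chains_to_ca CA_PEM CERT_PEM
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# usage: check_host SSL_DIR FQDN
# returns 0 = chain OK, 1 = cert not issued by this CA, 2 = file missing
check_host() {
    local ssl_dir="$1" fqdn="$2"
    local ca="$ssl_dir/ucsCA/CAcert.pem"
    local cert="$ssl_dir/$fqdn/cert.pem"
    if [ ! -r "$ca" ] || [ ! -r "$cert" ]; then
        echo "MISSING  $fqdn"; return 2
    fi
    if chains_to_ca "$ca" "$cert"; then
        echo "OK       $fqdn  CA=$(cert_fingerprint "$ca")"
    else
        echo "MISMATCH $fqdn"; return 1
    fi
}

# Example (run on the primary DC before the scp/rsync step):
#   eval "$(ucr shell domainname)"
#   check_host /etc/univention/ssl "ucs-slave.${domainname}"
```

A `MISMATCH` result means the host certificate was signed by a different root than the `CAcert.pem` in that directory, which is the state a target is left in if only one of the two copy commands was run after a root renewal.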

Thank you externa1. I really appreciate the clarification and help. This one is on me…
