UCS and own PKI


#1

hi,
i’m a absolute beginner with ucs, so some main question are not clear for me. one of them are the pki environment - how can i configure my root certificate with is placed on the master controller ? what i see, there was installed a selfsigned certficate but without interaction during the installation process - so no chance to change the key lengh or algorythm - is there a guide to deploy a PKI Envirionment with root ca and sub ca ?

thanks
hans


#2

Hi! There’s no specific guide for your scenario, but you might want to check the manual and the Knowledge Base articles about the self-signed CA that comes automatically with every UCS Master:

https://docs.software-univention.de/manual-4.4.html#domain:ssl
https://help.univention.com/search?q=certificates%20%23knowledge-base%3Asupported

Those articles cover how to renew the certificates or the complete chain, how to use other certificates for services like Apache and so on. Parameters like the key length and validity can be configured using UCR prior to creating new certificates: http://docs.software-univention.de/manual-4.4.html#computers:Administration_of_local_system_configuration_with_Univention_Configuration_Registry

There’s also an extension to create user and client certificates: https://help.univention.com/t/11782

If you have any specific questions, feel free to ask :slight_smile: