UCS Openssl request signing error

UCS: 4.2-2 errata 198

I created a signing request from another machine and used UCS to sign the request. BUT the following error is produced:

using configuration from /etc/univention/ssl/openssl.cnf
error on line 31 of config file '/etc/univention/ssl/openssl.cnf'
139969125799568:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:584:line 31

Please help.

Hey,

you cannot simply use an existing openssl.cnf from Univention as they use several environment variables that must be set. You can set them like this:

DEFAULT_CRL_DAYS="$(/usr/sbin/univention-config-registry get ssl/crl/validity)"
: ${DEFAULT_CRL_DAYS:=10}
DEFAULT_DAYS="$(/usr/sbin/univention-config-registry get ssl/default/days)"
: ${DEFAULT_DAYS:=1825}
DEFAULT_MD="$(/usr/sbin/univention-config-registry get ssl/default/hashfunction)"
: ${DEFAULT_MD:=sha256}
DEFAULT_BITS="$(/usr/sbin/univention-config-registry get ssl/default/bits)"
: ${DEFAULT_BITS:=2048}

export DEFAULT_MD DEFAULT_BITS DEFAULT_CRL_DAYS

Then sign the certificate.

Kind regards,
mosu

I followed this link:
https://docs.software-univention.de/domain-4.0.html#extdom:ssl:sign
The instructions fall under this title:

3.2. Signing of certificate signing requests by the UCS certificate authority

Your instructions are not found there. Will try them in any case.

The documentation is clearly incomplete and out of sync with how OpenSSL is configured.

I’ve filed a bug for this.