Hello,
We have reconfigured our Univention system from a self-certified CA to a SubCA in an internal company PKI structure. In preparation, we searched for documentation on the SSL structure, contexts/certificate automation/scripts of the Univention system, but did not find much. (Perhaps we did not ask the right search questions.) AI help should be treated with caution in some cases.
Fortunately, the conversion to a sub-CA was described in various instructions.
The following questions remain unanswered:
-
Can outdated certificates (after the change) simply be deleted from /etc/univention/ssl/ucsCA/certs/?
-
What is the process for automatic certificate renewals for servers/clients?
-
Can certificates also be created for code signing? This is a prerequisite for us to replace a Windows CA.
If this does not yet exist, it would be nice if a white paper on Univention’s SSL infrastructure could be published. SSL is an important core component of the excellent Univention software.
thx
Frank