Hey,
I found this article on how to enable the cool-solutions user and machine certificates. This works great with UCS5.0-8; Certificates are generated and managed on the GUI.
Here are a number of questions:
-
Is it possible to add additional fields to the certificates before they are created? What I mean is if it would be possible to add Subject Alternative Name - Other name: Principal name user@domian.dn
The reason for this is that the current certificate has only one distinguishable field, the CN. We would like to have two or more for the VPN auth to rely on. -
Once the certificates are created in
/etc/univention/ssl/user/<username>
how can you make them available to the end user? We tried setting up a share that would follow symlinks but it didn’t work. Coping certificates to another location isn’t very efficient and complicates things like integrity checks. -
How do you deploy the certs to Windows machines? Is there a better way than a logon script installing user cert from previously mentioned Samba share?
Any suggestions are greatly appreciated