Hmm, there is no such command as the one you mentioned. Where did you find that instruction? BTW: please use the “Administrator” account for the GUI, but for the terminal use the “root” account.
I will guide you through how to use that cool solution.
- After the cool solution has been installed successfully, it does nothing automatically.
- Please read the instructions carefully, run
univention-run-join-scripts
and have a look at the screenshots
- For each User or Computer in LDAP where you want to have a certificate, please activate the checkbox in the Web GUI interface in the User or Computer module
3.1 for a user: Public key infrastructure account and Create/Revoke User Certificate
3.2 for a computer: Public key infrastructure account and Create/Revoke Certificate
- This activation can also be achieved with the udm command in an SSH terminal, for example:
udm users/user create --ignore_exists --position "cn=users,$(ucr get ldap/base)" --set username="user1" --set lastname="user1" --set password="univention"
udm users/user modify --append-option pki --dn "uid=user1,cn=users,$(ucr get ldap/base)"
udm users/user modify --set createRevokeCertificate=1 --dn "uid=user1,cn=users,$(ucr get ldap/base)"
udm computers/windows create --ignore_exists --position "cn=computers,$(ucr get ldap/base)" --set name="win1"
udm computers/windows modify --append-option pki --dn "cn=win1,cn=computers,$(ucr get ldap/base)"
udm computers/windows modify --set createRevokeCertificateWindows=1 --dn "cn=win1,cn=computers,$(ucr get ldap/base)"
- Check the result in the terminal
~# ls /etc/univention/ssl/user/user1/
cert.cer cert.pem openssl.cnf private.key req.pem user1.p12 user1-p12-password.txt
~# ls /etc/univention/ssl/windows-hosts/win1\$/
cert.cer cert.pem openssl.cnf private.key req.pem 'win1$.p12' 'win1$-p12-password.txt'
- Think about what you want to achieve with these certificates, i.e. a rollout to the Windows client is not part of the cool solution. You need some MDM tool like FileWave or opsi for that.
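As an added example (not part of the original post or of the cool solution itself): a POSIX shell function that checks one output directory for the files shown in the `ls` output above and flags the private key, the PKCS#12 bundle and its password file if group or others hold any permission on them. The function name `check_cert_dir` and the MISSING/EXPOSED labels are hypothetical.

```shell
#!/bin/sh
# Added example: audit one certificate directory created by the cool solution.
# Usage: check_cert_dir DIR NAME
#   e.g. check_cert_dir /etc/univention/ssl/user/user1 user1
#        check_cert_dir '/etc/univention/ssl/windows-hosts/win1$' 'win1$'
# Prints one line per finding and returns the number of findings (0 = clean).
check_cert_dir() {
    dir=$1
    name=$2
    findings=0

    # Expected file names, taken from the ls output in the post.
    for f in cert.cer cert.pem openssl.cnf private.key req.pem \
             "${name}.p12" "${name}-p12-password.txt"; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING  $dir/$f"
            findings=$((findings + 1))
        fi
    done

    # Secret-bearing files: flag any permission bit set for group or other.
    # The password file sits next to the .p12 it protects, so it needs the
    # same protection as the private key.
    for f in private.key "${name}.p12" "${name}-p12-password.txt"; do
        [ -f "$dir/$f" ] || continue
        hit=$(find "$dir/$f" \( -perm -040 -o -perm -020 -o -perm -010 \
                             -o -perm -004 -o -perm -002 -o -perm -001 \))
        if [ -n "$hit" ]; then
            echo "EXPOSED  $dir/$f"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}
```

Run it as root on the server after the certificates have been created; any EXPOSED line is worth fixing before the `.p12` files are handed to a deployment tool.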