Certificate

From SME Server
Revision as of 15:36, 10 May 2010 by Timn (talk | contribs)
Jump to navigationJump to search


Custom Certificate for SME 7.x

Maintainer

Dietmar Berteld
mailto:dietmar@berteld.com

This RPM is based on Nick Critten's great howto. Thanks a lot Nick for your brillant work!

Description

With this RPM-package you can simply set up a new SSL certificate on your SME7 server with a custom Common Name. When installing SME Server, you get a default certificate with the information http://www.xyzcorp.xxx/ and XYZ Corporation. With this package, the certificate information will be updated with the following information:

  • FQDN (Full Qualified Domain Name), which is SystemName.DomainName', e.g. home.myserver.com
  • City, which depends on your given info in server manager's directory section
  • Company, which depends on your given info in server manager's directory section
  • Department, which depends on your given info in server manager's directory section
  • E-Mail, which is admin@FQDN

The default length of time for this certificate is 365 days.

Download

You can download this package at smeserver-certificate . If you would like to save it directly on your SME Server, you should give this command at a linux-prompt

wget http://mirror.contribs.org/smeserver/contribs/dberteld/certificate/smeserver-certificate-1.0-1.noarch.rpm

Installation and Uninstall

For installation just enter the following command

yum localinstall smeserver-certificate-1.0-1.noarch.rpm 

For uninstall just enter the following command

yum remove smeserver-certificate

You can ignore the yum-comments signal event post-upgrade and signal-event reboot.

Use

The package installs a custom template in

/etc/e-smith/templates-custom/home/e-smith/ssl.crt 

With the Custom Template installed the cert will be rebuilt if:

  • $defaultCity
  • $defaultCompany
  • $defaultDepartment
  • $domainName

are changed.

So normally you don't have to do anything in addition.

Tips

To change the length of time before a certificate expires, change Line 2 of the ssl.crt script

use constant KEYLIFEINDAYS => 365;

Change 365 to the number of days to expire by (2Years = 730, 3Years = 1095, etc.)

use constant KEYLIFEINDAYS => 730;

You can change your desired Common Name (FQDN) in line 12. For doing this, change the default info

my $CommonName = $FQDN;

to your desired name

my $CommonName = "special.myserver.com";


After changing your infos, you have to update your certificate manually with

signal-event domain-modify
signal-event email-update 


Additional information

For additional information see this thread.

Custom Certificate for SME 7.1.3 and above

you only need to do this as the functionality has been added into the main SME packages:

config setprop modSSL CommonName www.domain.com
expand-template /home/e-smith/ssl.crt/crt
expand-template /home/e-smith/ssl.key/key
signal-event domain-modify
signal-event email-update 

see [1] and [2]

Unnilennium