I have been trying to generate custom cert using Nick's templace found at:
http://mirror.contribs.org/smeserver/contribs/nickcritten/howtos/ssl7_files/ssl.crt I have been communicating with Nick through email on some doubts I had.
I am copying the same into this Forum topic for the benefit of all, and also to ask a few more clarifications.
--------------------------------------------------------------------------------------
Hi Festus,
Once the new template has been copied into the templates-custom directory, anything that triggers the signal-event domain-modify will cause the Caertificate to be rebuilt.
So if you edit anything in 'Directory' in server manager, the cert will be generated.. Also if you change the system name, change domain details etc.etc
Nick
On Tue, 1 Aug 2006 19:39:45, festus@planettel.com.sg < festus@planettel.com.sg> wrote:
Dear Nick,
Many thanks for the prompt reply with clarification.
One item still not clear ?
When does the new certificate generated by your script take effect ? I was assuming that only if I go to the last step:
'signal-event domain-modify ' then the new cert will be generated. Looks like my understanding was wrong.
Does it mean, once I have downloaded the file ssl.crt into the
custom folder: /etc/e-smith/templates-custom/home/e-smith, the new cert will be automatically generated ?
Thanks for your clarification.
I will post this discussion onto the Forum, after your reply.
Best Reagrds,
Festus
Original Message -----------------------
Hi Festus,
1)
To change the length of time before a certificate expires, change Line 2 of
the ssl.crt script
e.g.
use constant KEYLIFEINDAYS => 365;
Change 365 to the number of days to expire by (2Years = 730, 3Years = 1095,
etc. etc.)
2)
If the common name reverted back to the one in my script then it looks like
you haven't done step 5:
5) Edit the template to insert your desired Common Name (Line 13)
If you have already done this, then make sure that you have edited the
correct template
i.e
/etc/e-smith/templates-custom/home/e-smith
NOT
/etc/e-smith/templates/home/e-smith
If you get any more problems, then please post a message in sme7.x Contribs
Then drop me an email so I know it is in there.
Hope this helps.
Nick
On Tue, 1 Aug 2006 17:00:18, festus@planettel.com.sg <
festus@planettel.com.sg> wrote:
> Dear Nick,
>
> Following my earlier email to you, wanted to update you with once
experience I had with your script and request for clarification.
>
> I had already installed the ssl generated by the sme 7.0 by default, in a
number of PCs and the outlook exp was working fine without new pop-up
alerts.
>
> Yesterday I followed the instruction given by you in the following
document.
>
> Custom SSL Certificate on SME 7.0
> Version1.1
>
> I had gone up to the step 4 and let it like that.
> This afternoon we made a simple config change to enable spam blocking in
the smeserver-admin panel and saved the change.
> Lo and behold the server had autogenerated a new cert based on
> your default common name 'slewth...hk...' etc.
>
> suddently all the outlook failed to work and we had to custom generate the
cert using the proper common name and install the cert again in all the PCs.
>
> Can you explain why did this happen ?
>
> Would this mean that, in future if we make some other config change in the
sme7.0 from the control panel, it will generate again a new cert valid from
that new date ???
>
> Worried....
>
> Please help to explain what happened and whether I will get such surprises
in future.
>
> Many thanks for your advise.
>
> Best Regards,
>
> Festus Thomas