Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: bpivk on November 19, 2006, 08:16:55 PM

Title: Custom certificate changing to default
Post by: bpivk on November 19, 2006, 08:16:55 PM

Hy
I have a little problem

I made a custom certificate using the old howto on phpwiki. The certificate has the right admin e-mail. The certificate that sme builds has the mail admin@server.name.com and my custom certificate uses the mail admin@name.com. So i need to do something to force the server to use my certificate (which gets deleted when i do some updating or something similar) or to modify the custom template to show the proper mail.

Now how could i do something like that?

Title: Custom certificate changing to default
Post by: dmay on November 19, 2006, 09:01:00 PM

http://bugs.contribs.org/show_bug.cgi?id=1689

The above Bug Tracker ticket includes a custom template of ssl.crt that overrides the default admin e-mail of admin@$FQDN to admin@$DomainName. In addition it permits you to overide the certificate common name. The code below walks you through all required steps:

Code: [Select]

mkdir -p /etc/e-smith/templates-custom/home/e-smith
cd /etc/e-smith/templates-custom/home/e-smith
wget http://bugs.contribs.org/attachment.cgi?id=635 -O ssl.crt
/sbin/e-smith/config setprop modSSL CommonName "blah"
signal-event domain-modify
Darrell

Title: Custom certificate changing to default
Post by: bpivk on November 19, 2006, 10:47:10 PM

Thanks
I noticed that post but i didn't notice the difference between @$FQDN and @$DomainName.  :oops:

This is just what i need.
But where do i insert my Common Name?
Is this a remake of the file found in phpwiki or it's the same file as the original from SME only that the @$FQDN and @$DomainName are changed?

Title: Custom certificate changing to default
Post by: william_syd on November 19, 2006, 11:51:02 PM

Quote from: "bpivk"

Thanks
I noticed that post but i didn't notice the difference between @$FQDN and @$DomainName.  :oops:

This is just what i need.
But where do i insert my Common Name?
Is this a remake of the file found in phpwiki or it's the same file as the original from SME only that the @$FQDN and @$DomainName are changed?

The one from the wiki starts with..

Code: [Select]

{
    use constant KEYLIFEINDAYS => 365;
    use Cwd;
    my $here = getcwd;

    my $FQDN = "$SystemName.$DomainName";
    my $crt = "/home/e-smith/ssl.crt/$FQDN.crt";
    my $key = "/home/e-smith/ssl.key/$FQDN.key";
    my $defaultCity = $ldap{defaultCity};
    my $defaultCompany = $ldap{defaultCompany};
    my $defaultDepartment = $ldap{defaultDepartment};
    my $email = "admin\@$DomainName";
    my $CommonName = "server.example.com";

You have probably Modified the CommonName just do the same for email.

Replace  admin\@$DomainName with your email address.

Then

Code: [Select]

signal-event domain-modify

Admittedly, Dmays method is more flexible.

Title: Custom certificate changing to default
Post by: william_syd on November 19, 2006, 11:59:03 PM

In fact, admin\@$DomainName IS probably what you want.

We are talking the same how-to..
http://no.longer.valid/phpwiki/index.php/Creating%20a%20Custom%20signed%20SSL%20Certificate

and you did put the new ssl.crt file into

Code: [Select]

/etc/e-smith/templates-custom/home/e-smith

Note the templates-custom directory.

Title: Custom certificate changing to default
Post by: william_syd on November 20, 2006, 12:08:00 AM

Quote from: "bpivk"

But where do i insert my Common Name?
Is this a remake of the file found in phpwiki

You do not modify ssl.crt if you use the dmay method.

Set your CommonName via the configuration database with the command..

Code: [Select]

/sbin/e-smith/config setprop modSSL CommonName "blah" where "blah" is your CommonName.

It was spelt out in dmay's first post.

Title: Custom certificate changing to default
Post by: bpivk on November 20, 2006, 02:44:12 PM

Ok, got it

Thanks