Hello,
I read article about using user certificates
wiki.univention.de/index.php?tit … rtificates
and installed all packages that are described there.
Then I ticked “Create/Revoke Certificate” for TestTest user. I thought that action was performed by web UI, because I didn’t get any error messages.
But when I checked content of folder “/etc/univention/ssl/user/TestTest” I found the following:
-rw-r-x--- 1 TestTest Domain Admins 3299 Июл 26 04:08 openssl.cnf
-rw-r-x--- 1 TestTest Domain Admins 1675 Июл 26 04:08 private.key
-rw-r-x--- 1 TestTest Domain Admins 1180 Июл 26 04:08 req.pem
-rw-r-x--- 1 TestTest Domain Admins 9 Июл 26 04:08 TestTest-p12-password.txt
It looked like there is no certificate, which had to be created by UCS.
Next I increased debug level of the listener and I got this:
LISTENER ( INFO ) : manageusercertificate: handler
LISTENER ( INFO ) : manageusercertificate: create cert TestTest
LISTENER ( INFO ) : manageusercertificate: run /usr/sbin/univention-certificate-user check -name 'TestTest' -cn 'TestTest' -sslbase '/etc/univention/ssl' -ca 'ucsCA'
LISTENER ( INFO ) : manageusercertificate: run /usr/sbin/univention-certificate-user new -name 'TestTest' -cn 'TestTest' -days '365' -email 'xxx@yyy.com' -organizationalunit 'Univention Corporate Server' -certpath '/etc/univention/ssl/user' -sslbase '/etc/univention/ssl' -ca 'ucsCA' -admingroup 'Domain Admins' -state 'US' -organization 'ZZZ' -country 'US' -locality 'US'
LISTENER ( ERROR ) : manageusercertificate: failed to add certificate to uid=TestTest,cn=users,dc=zzz,dc=local ([Errno 2] No such file or directory: '/etc/univention/ssl/user/TestTest/cert.cer')
LISTENER ( INFO ) : manageusercertificate: handler successfully finished
LISTENER ( INFO ) : handler: manageusercertificate (successful)
LISTENER ( INFO ) : handler: faillog (successful)
I tried to create user certificate manually but attempt failed.
# /usr/sbin/univention-certificate-user new -name 'TestTest' -cn 'TestTest' -days '365' -email 'xxx@yyy.com' -organizationalunit 'Univention Corporate Server' -certpath '/etc/univention/ssl/user' -sslbase '/etc/univention/ssl' -ca 'ucsCA' -admingroup 'Domain Admins' -state 'US' -organization 'zzz' -country 'US' -locality 'US'
Creating certificate: TestTest
/usr/share/univention-ssl/make-certificates-user.sh: line 86: test: too many arguments
Generating RSA private key, 2048 bit long modulus
..................................+++
.........................................................+++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:State or Province Name (full name) [US]:Locality Name (eg, city) [US]:Organization Name (eg, company) [ZZZ]:Organizational Unit Name (eg, section) [Univention Corporate Server]:Common Name (eg, YOUR name) [TestTest]:Email Address [xxx@yyy.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name [Univention GmbH]:Using configuration from openssl.cnf
error on line 31 of config file 'openssl.cnf'
139892952479400:error:0E065068:configuration file routines:STR_COPY:variable has no value:conf_def.c:585:line 31
Error opening Certificate /etc/univention/ssl/user/TestTest/cert.pem
140650868168360:error:02001002:system library:fopen:No such file or directory:bss_file.c:391:fopen('/etc/univention/ssl/user/TestTest/cert.pem','r')
140650868168360:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:393:
unable to load certificate
Error opening input file /etc/univention/ssl/user/TestTest/cert.pem
/etc/univention/ssl/user/TestTest/cert.pem: No such file or directory
Could you help me to resolve that?
Thanks in advance.