This shows you the differences between two versions of the page.
userspace:zertifikats_import [2012/06/19 11:00] tobias created |
userspace:zertifikats_import [2019/02/18 23:26] tobias |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== +++ Since new OPSI KIOSK application, | ||
+ | |||
======ImportCert====== | ======ImportCert====== | ||
Script by tobias \\ | Script by tobias \\ | ||
Comments and improvements welcome \\ | Comments and improvements welcome \\ | ||
+ | This script comes with ABSOLUTELY NO WARRANTY \\ | ||
+ | |||
Tested with opsi 4.0.2 \\ | Tested with opsi 4.0.2 \\ | ||
Line 7: | Line 11: | ||
Tested with Windows 7 Enterprise x86 \\ | Tested with Windows 7 Enterprise x86 \\ | ||
- | Import des opsiclientd Zertifikats | + | If you want to use the OPSI Software Kiosk you have one Problem: The certificate errors.\\ |
- | Das Script wandelt das PEM Zertifikat | + | This OPSI-Package generates a new OPSI Client certificate with 2 domains |
- | Nach diesem Vorgang wird keine Zertifikatswarnung mehr angezeigt. | + | The hostname and localhost.\\ |
- | Damit dies Script funktioniert, | + | After that the script imports the new certificate into the local certificate storage on the Client.\\ |
- | Achtung: Firefox verwendet nicht den Windows Zertifikatsspeicher ! | + | Attention: Firefox has it's own Certificate Storage !\\ |
+ | Achtung: Firefox verwendet nicht den Windows Zertifikatsspeicher !\\ | ||
+ | ( comment from wolfbardo : you can use the mozilla-nss utils to import in mozilla certifikate storage \\ | ||
+ | see https:// | ||
+ | |||
+ | You need the CertMgr.Exe. \\ | ||
+ | Copy this tool into your package folder (%SCRIPTPATH%)\\ | ||
+ | CertMgr is available as part of the Windows SDK. [[http:// | ||
+ | |||
+ | |||
+ | Every time you reinstall or update the Opsi-Client-Agent you must set this package to setup again. The Opsi-Client-Agent installer will override your own certificate... | ||
+ | |||
+ | After using this script, restart your client! | ||
==== import.ins ==== | ==== import.ins ==== | ||
<code winst> | <code winst> | ||
- | |||
[initial] | [initial] | ||
- | message " | ||
[Actions] | [Actions] | ||
+ | Patches_opsiclientd_cnf %Systemdrive%\TEMP\opsiclientd.cnf | ||
+ | message " | ||
+ | DosInAnIcon_generateCert | ||
+ | message " | ||
DosInAnIcon_import | DosInAnIcon_import | ||
+ | |||
+ | [Patches_opsiclientd_cnf] | ||
+ | |||
+ | Add [req] default_bits = 1024 | ||
+ | Add [req] encrypt_key = yes | ||
+ | Add [req] distinguished_name = req_dn | ||
+ | Add [req] x509_extensions = v3_req | ||
+ | Add [req] prompt = no | ||
+ | |||
+ | |||
+ | Add [req_dn] C=DE | ||
+ | Add [req_dn] ST=Niedersachsen | ||
+ | Add [req_dn] L=Braunschweig | ||
+ | Add [req_dn] O=< | ||
+ | Add [req_dn] OU=OPSI-Client | ||
+ | Add [req_dn] CN=%IPName% | ||
+ | Add [req_dn] emailAddress=< | ||
+ | |||
+ | Add [v3_req] nsCertType = server | ||
+ | Add [v3_req] basicConstraints = CA:FALSE | ||
+ | Add [v3_req] keyUsage = nonRepudiation, | ||
+ | Add [v3_req] subjectAltName = @alt_names | ||
+ | |||
+ | |||
+ | Add [alt_names]DNS.1 = %IPName% | ||
+ | Add [alt_names]DNS.2 = localhost | ||
+ | |||
+ | |||
+ | |||
+ | [DosInAnIcon_generateCert] | ||
+ | |||
+ | " | ||
[DosInAnIcon_Import] | [DosInAnIcon_Import] | ||
- | message " | + | |
" | " | ||
- | message " | + | |
%scriptpath%\CertMgr.exe -add -c " | %scriptpath%\CertMgr.exe -add -c " | ||
- | |||
- | |||
</ | </ |
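Review bot: In [Patches_opsiclientd_cnf], "default_bits = 1024" asks for a 1024-bit key for the certificate that is then added to the client's certificate store, which is below the 2048-bit minimum in current guidance for RSA keys; set "default_bits = 2048" or higher. In the same section, "nsCertType = server" is a legacy Netscape extension, and an "extendedKeyUsage = serverAuth" entry in [v3_req] is the current way to mark a server certificate. The request config is written to %Systemdrive%\TEMP\opsiclientd.cnf and none of the visible lines remove it afterwards, so consider deleting it at the end of [Actions]. The German Firefox line is also kept directly below its English translation, so one of the two can go.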