userspace:zertifikats_import

Differences

This shows you the differences between two versions of the page.

userspace:zertifikats_import [2012/12/06 08:32]
wolfbardo
userspace:zertifikats_import [2021/08/23 08:37]
Line 1: Line 1:
-======ImportCert====== 
-Script by tobias \\ 
-Comments and improvements welcome \\ 
  
-Tested with opsi 4.0.2 \\ 
-Tested with opsi-winst 4.11.2.5 \\ 
-Tested with Windows 7 Enterprise x86 \\ 
- 
-If you want to use the OPSI Software Kiosk you have one Problem: The certificate errors.\\ 
-This OPSI-Package generates a new OPSI Client certificate with 2 domains in it.\\ 
-The hostname and localhost.\\ 
-After that the script imports the new certificate into the local certificate storage on the Client.\\ 
- 
-Attention: Firefox has it's own Certificate Storage !\\ 
-Achtung: Firefox verwendet nicht den Windows Zertifikatsspeicher !\\ 
- 
-( comment from wolfbardo : you can use the mozilla-nss utils to import in mozilla certifikate storage \\  
-see https://forum.opsi.org/wiki/userspace:mozilla_nss ) \\ 
- 
-You need the CertMgr.Exe. \\ 
-Copy this tool into your package folder (%SCRIPTPATH%)\\ 
-CertMgr is available as part of the Windows SDK.      [[http://go.microsoft.com/fwlink/p/?linkid=84091]] 
- 
- 
-Every time you reinstall or update the Opsi-Client-Agent you must set this package to setup again. The Opsi-Client-Agent installer will override your own certificate... 
-==== import.ins ==== 
- 
-<code winst> 
-[initial] 
- 
-[Actions] 
-Patches_opsiclientd_cnf %Systemdrive%\TEMP\opsiclientd.cnf 
-message "Generiere Software Service Zertifikat" 
-DosInAnIcon_generateCert 
-message "Importiere Zertifikat in den Zertifikatsspeicher" 
-DosInAnIcon_import 
- 
-[Patches_opsiclientd_cnf] 
- 
-Add [req] default_bits = 1024 
-Add [req] encrypt_key = yes 
-Add [req] distinguished_name = req_dn 
-Add [req] x509_extensions = v3_req 
-Add [req] prompt = no 
- 
- 
-Add [req_dn] C=DE 
-Add [req_dn] ST=Niedersachsen 
-Add [req_dn] L=Braunschweig 
-Add [req_dn] O=<company.domain> 
-Add [req_dn] OU=OPSI-Client 
-Add [req_dn] CN=%IPName% 
-Add [req_dn] emailAddress=<mailadress> 
- 
-Add [v3_req] nsCertType = server 
-Add [v3_req] basicConstraints = CA:FALSE 
-Add [v3_req] keyUsage = nonRepudiation, digitalSignature, keyEncipherment 
-Add [v3_req] subjectAltName = @alt_names 
- 
- 
-Add [alt_names]DNS.1 = %IPName% 
-Add [alt_names]DNS.2 = localhost 
- 
- 
- 
-[DosInAnIcon_generateCert] 
- 
-"%ProgramFiles32Dir%\openssl\bin\openssl" req -new -x509 -days 1000 -nodes -config %Systemdrive%\TEMP\opsiclientd.cnf -out "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" -keyout "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" 
-net stop opsiclientd 
-net start opsiclientd 
- 
-[DosInAnIcon_Import] 
- 
-"%ProgramFilesDir%\OpenSSL\bin\openssl" x509 -outform der -in "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" -out "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.der" 
- 
-%scriptpath%\CertMgr.exe -add -c "%ProgramFilesDir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.der" -s -r localMachine AuthRoot 
- 
-</code> 
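
Review bot: The revision removes the entire page, from the ImportCert heading through the closing `</code>`, without leaving a stub that says why the recipe was dropped or what clients that already ran it should do. That matters because the removed import.ins builds the certificate with `default_bits = 1024`, passes `-nodes` to openssl (so the private key in opsiclientd.pem is written unencrypted even though the config sets `encrypt_key = yes`), and then has CertMgr add the self-signed certificate to the `localMachine AuthRoot` store. I would keep a short note in place of the deleted text stating that the package is no longer recommended and that machines where it was set to setup should have that certificate removed from AuthRoot and reissued with a longer key. If the script is ever restored, two inconsistencies visible in the removed lines need fixing first: `[DosInAnIcon_generateCert]` writes to `%ProgramFiles32Dir%\opsi.org\...` while `[DosInAnIcon_Import]` reads from `%ProgramFilesDir%\opsi.org\...`, which are different directories on a 64-bit client, and `[Actions]` calls `DosInAnIcon_import` while the section is declared as `[DosInAnIcon_Import]`.
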
userspace/zertifikats_import.txt · Last modified: 2021/08/23 08:37 (external edit)