This shows you the differences between two versions of the page.
userspace:zertifikats_import [2012/12/06 08:32] wolfbardo |
userspace:zertifikats_import [2021/08/23 08:37] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ======ImportCert====== | ||
- | Script by tobias \\ | ||
- | Comments and improvements welcome \\ | ||
- | Tested with opsi 4.0.2 \\ | ||
- | Tested with opsi-winst 4.11.2.5 \\ | ||
- | Tested with Windows 7 Enterprise x86 \\ | ||
- | |||
- | If you want to use the OPSI Software Kiosk you have one Problem: The certificate errors.\\ | ||
- | This OPSI-Package generates a new OPSI Client certificate with 2 domains in it.\\ | ||
- | The hostname and localhost.\\ | ||
- | After that the script imports the new certificate into the local certificate storage on the Client.\\ | ||
- | |||
- | Attention: Firefox has it's own Certificate Storage !\\ | ||
- | Achtung: Firefox verwendet nicht den Windows Zertifikatsspeicher !\\ | ||
- | |||
- | ( comment from wolfbardo : you can use the mozilla-nss utils to import in mozilla certifikate storage \\ | ||
- | see https:// | ||
- | |||
- | You need the CertMgr.Exe. \\ | ||
- | Copy this tool into your package folder (%SCRIPTPATH%)\\ | ||
- | CertMgr is available as part of the Windows SDK. [[http:// | ||
- | |||
- | |||
- | Every time you reinstall or update the Opsi-Client-Agent you must set this package to setup again. The Opsi-Client-Agent installer will override your own certificate... | ||
- | ==== import.ins ==== | ||
- | |||
- | <code winst> | ||
- | [initial] | ||
- | |||
- | [Actions] | ||
- | Patches_opsiclientd_cnf %Systemdrive%\TEMP\opsiclientd.cnf | ||
- | message " | ||
- | DosInAnIcon_generateCert | ||
- | message " | ||
- | DosInAnIcon_import | ||
- | |||
- | [Patches_opsiclientd_cnf] | ||
- | |||
- | Add [req] default_bits = 1024 | ||
- | Add [req] encrypt_key = yes | ||
- | Add [req] distinguished_name = req_dn | ||
- | Add [req] x509_extensions = v3_req | ||
- | Add [req] prompt = no | ||
- | |||
- | |||
- | Add [req_dn] C=DE | ||
- | Add [req_dn] ST=Niedersachsen | ||
- | Add [req_dn] L=Braunschweig | ||
- | Add [req_dn] O=< | ||
- | Add [req_dn] OU=OPSI-Client | ||
- | Add [req_dn] CN=%IPName% | ||
- | Add [req_dn] emailAddress=< | ||
- | |||
- | Add [v3_req] nsCertType = server | ||
- | Add [v3_req] basicConstraints = CA:FALSE | ||
- | Add [v3_req] keyUsage = nonRepudiation, | ||
- | Add [v3_req] subjectAltName = @alt_names | ||
- | |||
- | |||
- | Add [alt_names]DNS.1 = %IPName% | ||
- | Add [alt_names]DNS.2 = localhost | ||
- | |||
- | |||
- | |||
- | [DosInAnIcon_generateCert] | ||
- | |||
- | " | ||
- | net stop opsiclientd | ||
- | net start opsiclientd | ||
- | |||
- | [DosInAnIcon_Import] | ||
- | |||
- | " | ||
- | |||
- | %scriptpath%\CertMgr.exe -add -c " | ||
- | |||
- | </ |
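Review bot: every visible line from Line 1 onward is a deletion, and the 2021/08/23 revision header carries no author or summary, so a reader cannot tell whether the ImportCert recipe was retired on purpose or lost by accident. A one-line stub stating why it was withdrawn and what replaces it would preserve that. If the reason is that the recipe is outdated, the stub is the place to say so: `Add [req] default_bits = 1024` in [Patches_opsiclientd_cnf] requests a 1024-bit key, which is below the 2048-bit minimum that current guidance expects for RSA, and the page lists testing only against opsi 4.0.2 and opsi-winst 4.11.2.5. The two operational caveats deleted here (Firefox keeps its own certificate storage, and the package must be set to setup again after every Opsi-Client-Agent reinstall or update) should be carried over to whatever page supersedes this one.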