How to install SSL certificate in opsi?

Antworten
mathew
Beiträge: 2
Registriert: 22 Jan 2018, 08:32

How to install SSL certificate in opsi?

Beitrag von mathew »

Hi everyone,

I have a problem about SSL certificate.

OS: debian 9.3 in hyper-V
computer name : abc.domain.com
public ip address : abc.domain.com

I already have a wildcard SSL certificates by another IIS web server and verifyed by COMODO.
When I install opsi by installation manual, In the step

Code: Alles auswählen

# aptitude install opsi-configed
I need enter the self-signed SSL content.

http://download.uib.de/opsi_stable/doc/ ... ble-en.pdf
page.18


The IIS SSL is .pfx, so I use openssl to get server.key, server.pem and ca.crt.
private key = server.key
server key = server.pem
comodo ca = ca.crt

There are default SSL file path in /etc/opsi/opsiconfd.conf

Code: Alles auswählen

[service]
ssl server cert = /etc/opsi/opsiconfd.pem
ssl server key = /etc/opsi/opsiconfd.pem
I type opsi url https://(server_internal_IP):4447/
then browser show "Your connection is not secure" because I know the ssl is self-signed.

I type opsi url https://abc.domain.com:4447/
"Your connection is not secure".

Then I change the default ssl and restart opsiconfd.

Code: Alles auswählen

[service]
ssl server cert = /etc/opsi/server.pem
ssl server key = /etc/opsi/server.key

Code: Alles auswählen

#service opsiconfd restart
I type opsi url https://abc.domain.com:4447/
Browser show" Unable to connect".

https://(server_internal_IP):4447/
Browser show "Unable to connect".

Does anyone know how to install ssl in opsi currently?
Benutzeravatar
wolfbardo
uib-Team
Beiträge: 1354
Registriert: 01 Jul 2008, 12:10

Re: How to install SSL certificate in opsi?

Beitrag von wolfbardo »

mmh, is after the restart the opsiconfd really running?

Have a look at

Code: Alles auswählen

/var/log/opsi/opsiconfd.log
perhaps you have to increase the loglevel of the opsiconfd

regards,
Bardo Wolf


OPSICONF 2024
https://opsi.org/en/opsiconf/

opsi-Basisworkshops:

22. - 25. 04. 2024


opsi support - uib gmbh
For productive opsi installations we recommend maintainance + support contracts which are the base of opsi development.

http://www.uib.de
mathew
Beiträge: 2
Registriert: 22 Jan 2018, 08:32

Re: How to install SSL certificate in opsi?

Beitrag von mathew »

Code: Alles auswählen

# ls -a /var/log/opsi/
.  bootimage      instlog     .opsiconfd.log.swo userlogin
.. clientconnect  opsiconfd   opsipxeconfd.log
Both .opsiconfd.log.swo and opsiconfd files are empty.
The opsiconfd is not restart currently?

Code: Alles auswählen

# service --status-all
[ - ] opsi-atftpd
[ + ] opsiconfd
[ + ] opsipxeconfd
Benutzeravatar
wolfbardo
uib-Team
Beiträge: 1354
Registriert: 01 Jul 2008, 12:10

Re: How to install SSL certificate in opsi?

Beitrag von wolfbardo »

sorry for the typo:

the opsiconfd.log is in

Code: Alles auswählen

/var/log/opsi/opsiconfd/opsiconfd.log
regards,

Bardo Wolf


OPSICONF 2024
https://opsi.org/en/opsiconf/

opsi-Basisworkshops:

22. - 25. 04. 2024


opsi support - uib gmbh
For productive opsi installations we recommend maintainance + support contracts which are the base of opsi development.

http://www.uib.de
Antworten