ich habe Dein Script etwas angepasst. Bei uns ist der Client-Agent durch den restart in Deinem Script während der Installation hängen geblieben (Win7-x64).
So habe ich es jetzt gemacht (Zertifikat sollte jetzt ca. 10 Jahre gültig sein):
[initial]
[Actions]
; Creates a self-signed certificate plus private key as opsiclientd.pem in the
; opsi-client-agent directory, adds the certificate to the machine certificate
; store, and then reboots the client.
showBitmap "%ScriptPath%\certificate.png" "Client-Zertifikat"
; Write the OpenSSL request configuration (section Patches_opsiclientd_cnf) to a
; file in the TEMP directory on the system drive.
Patches_opsiclientd_cnf %Systemdrive%\TEMP\opsiclientd.cnf
message "Generiere Software Service Zertifikat"
; Run openssl to create the key and the self-signed certificate.
DosInAnIcon_generateCert
message "Importiere Zertifikat in den Zertifikatsspeicher"
; Convert the certificate to DER and add it to the localMachine AuthRoot store.
; NOTE(review): this makes a self-signed certificate a trusted root on the client.
; Anyone who can read the matching private key file can present this certificate
; to the machine, so the file permissions on opsiclientd.pem should be checked.
DosInAnIcon_import
; NOTE(review): presumably the reboot replaces a service restart that left the
; client agent hanging during installation; confirm before changing it.
exitWindows /reboot
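[Patches_opsiclientd_cnf]
; Builds the OpenSSL request configuration that the certificate generation step
; passes to openssl via -config.
; Key size raised from 1024 to 2048 bits: 1024-bit RSA is below current minimum
; recommendations, and this certificate is issued for roughly ten years.
; Set is used instead of Add so that a configuration file left over from an
; earlier run cannot keep the old 1024-bit value.
Set [req] default_bits = 2048
; NOTE(review): encrypt_key = yes has no effect while the openssl call uses
; -nodes; the private key is written to disk unencrypted.
Add [req] encrypt_key = yes
Add [req] distinguished_name = req_dn
Add [req] x509_extensions = v3_req
Add [req] prompt = no
; Subject fields; the values in angle brackets are placeholders to fill in per site.
Add [req_dn] C=DE
Add [req_dn] ST=Niedersachsen
Add [req_dn] L=<City>
Add [req_dn] O=<domain.name>
Add [req_dn] OU=OPSI-Client
Add [req_dn] CN=%IPName%
Add [req_dn] emailAddress=<mailadresse@domain.name>
; Extensions: server certificate, explicitly not a CA, valid for the client name
; and for localhost.
Add [v3_req] nsCertType = server
Add [v3_req] basicConstraints = CA:FALSE
Add [v3_req] keyUsage = nonRepudiation, digitalSignature, keyEncipherment
Add [v3_req] subjectAltName = @alt_names
Add [alt_names]DNS.1 = %IPName%
Add [alt_names]DNS.2 = localhost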
[DosInAnIcon_generateCert]
rem Create a new key and a self-signed certificate valid for 3650 days from the
rem generated configuration file. Both -out and -keyout point to the same
rem opsiclientd.pem, so certificate and private key end up in one file.
rem -nodes writes the private key without passphrase protection.
rem NOTE(review): files below the program files directory are usually readable by
rem ordinary local users. Verify the ACL on opsiclientd.pem and restrict read
rem access to the account the service runs under and to administrators.
rem NOTE(review): a ten year lifetime means a leaked key stays usable for a long
rem time. Plan how this certificate is replaced and removed from the trust store.
"%ProgramFiles32Dir%\openssl\bin\openssl" req -new -x509 -days 3650 -nodes -config %Systemdrive%\TEMP\opsiclientd.cnf -out "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" -keyout "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem"
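[DosInAnIcon_Import]
rem Convert the certificate from opsiclientd.pem to DER. openssl x509 writes only
rem the certificate, so the private key is not copied into opsiclientd.der.
rem The paths use the same 32-bit program files constant as the generation step,
rem so that this step reads the file that step wrote, also on 64-bit systems.
"%ProgramFiles32Dir%\OpenSSL\bin\openssl" x509 -outform der -in "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" -out "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.der"
rem Add the certificate to the AuthRoot store of the local machine. The CertMgr
rem path is quoted so that a script directory containing spaces still works.
rem NOTE(review): after this step the machine trusts this self-signed certificate
rem as a root. Protect the private key accordingly and remove the certificate from
rem the store when the client certificate is replaced.
"%scriptpath%\CertMgr.exe" -add -c "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.der" -s -r localMachine AuthRoot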
Lars