Software-on-demand certificate
Posted: 06 May 2014, 18:44
I now have a few products in the software-on-demand group, and it works well!
However, the user still has to create a security exception, even after importing the certificates. I know the import of the certificates is working now, because the only error is that the certificate isn't valid for the site.
I created a link on the desktop to the URL: https://localhost:4441/swondemand
The certificate installed in "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" that gets imported is of course valid for opsitest32.gcecad-service.local; of course this is the hostname of the client.
Changing the URL to https://opsiclient32.gcecad-service.loc ... swondemand results in OPSI asking for a password. This is of course desired when contacting that client from the network.
Browser is Mozilla Firefox ESR 24.5.0, OPSI is 4.0.4 with clients for that version.
Importing clients is done via the Mozilla NSS utility, with instructions nicked off of the mozilla-nss package. Of course I deleted the local user profile before testing this, so the default profile settings get used.
So what do I need to do so that software-on-demand doesn't need the security exception in Firefox?
Code:
; bookmarks.html is an empty file of 0 bytes
"%ScriptPath%\nss\bin\certutil.exe" -N -f "%ScriptPath%\files\bookmarks.html" -d "$InstallDir32$\browser\defaults\profile"
"%ScriptPath%\nss\bin\certutil.exe" -A -f "%ScriptPath%\files\bookmarks.html" -n "CAcert.org - Class 1 PKI Key" -t "C,C,C" -i "%ScriptPath%\files\cacert.org-root.der" -d "$InstallDir32$\browser\defaults\profile"
"%ScriptPath%\nss\bin\certutil.exe" -A -f "%ScriptPath%\files\bookmarks.html" -n "CAcert.org - Class 3 PKI Key" -t "C,C,C" -i "%ScriptPath%\files\cacert.org-class3.der" -d "$InstallDir32$\browser\defaults\profile"
"%ScriptPath%\nss\bin\certutil.exe" -A -f "%ScriptPath%\files\bookmarks.html" -n "OPSI Client certificate" -t "PTC,PTC,PTC" -i "%ProgramFiles32Dir%\opsi.org\opsi-client-agent\opsiclientd\opsiclientd.pem" -d "$InstallDir32$\browser\defaults\profile"
"%ScriptPath%\nss\bin\certutil.exe" -A -f "%ScriptPath%\files\bookmarks.html" -n "OPSI Server certificate" -t "PTC,PTC,PTC" -i "%ScriptPath%\files\opsiconfd.pem" -d "$InstallDir32$\browser\defaults\profile"
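
The name mismatch described in the post, as an added example (not part of the original post, and not opsi or Firefox code): a simplified hostname check run against constructed certificate records in the shape Python's `ssl.SSLSocket.getpeercert()` returns. It assumes the client certificate names only the hostname quoted in the post; the second record is hypothetical, and the matching rules are a simplification of what a browser applies.

```python
import ipaddress

# Constructed sample: assumes the client certificate names only the client
# hostname quoted in the post (as its common name, no subjectAltName).
CLIENT_CERT = {"subject": ((("commonName", "opsitest32.gcecad-service.local"),),)}
# Hypothetical certificate that additionally lists localhost as a SAN.
CERT_WITH_LOCALHOST = {
    "subject": ((("commonName", "opsitest32.gcecad-service.local"),),),
    "subjectAltName": (("DNS", "opsitest32.gcecad-service.local"),
                       ("DNS", "localhost"), ("IP Address", "127.0.0.1")),
}

def dns_names(cert):
    """DNS names the certificate covers: SAN entries win, CN is the fallback."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive compare; '*' counts only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def valid_for(cert, url_host):
    """True if the host part of the URL is one of the names in the certificate."""
    if is_ip(url_host):  # IP literals must match an IP SAN, never a DNS name
        return any(k == "IP Address" and v == url_host
                   for k, v in cert.get("subjectAltName", ()))
    return any(name_matches(n, url_host) for n in dns_names(cert))

def check_urls(cert, hosts):
    return {h: valid_for(cert, h) for h in hosts}

if __name__ == "__main__":
    hosts = ["localhost", "127.0.0.1", "opsitest32.gcecad-service.local"]
    for label, cert in (("client cert", CLIENT_CERT), ("with SAN", CERT_WITH_LOCALHOST)):
        print(label, check_urls(cert, hosts))
```

The check depends only on the names inside the certificate and the host in the URL, so it gives the same result whatever trust flags the certificate was imported with.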