Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- lx:ucs:ca [02.04.2025 17:14] – [CodeSigning] Andy Haubenschmid
+++ lx:ucs:ca [02.04.2025 21:06] (aktuell) – [CodeSigning] Andy Haubenschmid
@@ Zeile 72: / Zeile 72: @@
 To generate a CodeSigning Cert with the Univention CA, follow these steps:
-  - create a new cert by
+  - create a new cert by using univention-certificate new, use a name you recognize as CS Cert
+  - create a special extension file
+  - generate the cert again manually by the CA with the extension
+  - use this cert for signing
+<code>
+declare -x CertName=CodeSign-YourName
+declare -x ExportPassword=SuperSecurePasswordForP12File
+echo \(`date -d 18-Oct-2027 +'%s'` - `date +'%s'`\) /86400 |bc > days
+declare -x days=`cat days`
+. /usr/share/univention-ssl/make-certificates.sh
+univention-certificate new -name "${CertName}" -days ${days}
+cd /etc/univention/ssl/${CertName}
+echo "
+authorityKeyIdentifier = keyid,issuer
+basicConstraints       = CA:FALSE
+subjectAltName         = @alt_names
+extendedKeyUsage       = codeSigning
+[alt_names]
+DNS.1 = ${CertName}
+" > code_sign_cert.conf
+grep output_password /etc/univention/ssl/openssl.cnf
+openssl x509 -req -CA ../ucsCA/CAcert.pem -CAkey ../ucsCA/private/CAkey.pem -in req.pem -out cert.pem -days ${days} -CAcreateserial -extfile code_sign_cert.conf
+openssl pkcs12 -export -out /root/${CertName}.p12 -in cert.pem -inkey private.key -passout pass:${ExportPassword}
+</code>
+created with thanks to the infos found here: [[https://stackoverflow.com/questions/72207572/how-to-create-a-self-signed-code-signing-certificate-from-a-csr]]

AHa-IT

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge