SUMMARY
Explains command syntax and options for the cmc_cert_util script, included in unitrends-rr-9.0+ RPMs.
DESCRIPTION
This article is no longer valid, please follow the steps in User Installation of Apache SSL/TLS Certificates on a Unitrends system.
The cmc_cert_util script, included in Unitrends Backup 9.0 and above, allows the user to perform various functions relating to the embedded web server and SSL certificates.
Create a New Signing Request:
Use the "req" option to create new signing request. This will generate a new private key of size 2048 bits and create the x509 certificate signing request using this key. The .key and .csr files are named according to the <prefix> (default value is the system hostname).
Use -K to specify the full path to an existing private key file
Use -s to self sign the certificate
An arbitrary number of DNS names and IP addresses may be included by specifying additional -d or -i parameters. These will be included in the signing request in the 'subjectAltName' section.
[root@hostname]# cmc_cert_util req -hv usage: cmc_cert_util req [-h] [-v] [-p] [-d <dnsname> ...] [-i <ip_adress>...] [-e email address ] [-k <keybits>] [<prefix>] -h print this message [true] -v print additional information [false] -d subjectAlternate Name DNS [] -i subjectAltername IP [] -e email address [] -k bits in private key [2048] -K <KEYFILE> [] -p Prompt for C,ST,L,O,OU [false] -s Self Sign the certificate [false] output file <prefix> [hostname]
Install New, Signed Certificate:
The "install" option is used to install the newly signed certificate (and optional certificate chain) on the local appliance. The script will also restart the web server if so instructed. If overwriting the existing certificate and private key, the destination filename is derived from entries in the /etc/httpd/conf.d/ssl.conf file. If instantiating a new certificate and key, the /etc/httpd/conf.d/ssl.conf file is updated to point to the new files. The web server must be restarted before these changes take effect.
[root@hostname]# cmc_cert_util install -vh usage: cmc_cert_util install [-h] [-v] [-r] [-y] -o | -n -d <cert directory> [<prefix>] -h Print this message [true] -v Print additional information [false] -r Restart web server [false] -y Execute without prompt [false] -o Overwrite exising cert/key [false] -n Instantiate as new cert/key [true] -d Directory for new certs [] input file <prefix> [hostname]
Restore Configuration Settings:
The "restore" option will restore the configuration to either the latest saved configuration or the original settings.
[root@hostname]# cmc_cert_util restore -hv usage: cmc_cert_util restore [-h] [-v] [-r] -o | -l -y -h Print usage -v Verbose [false] -r Restart web server [false] -y Confirm restore (required!) -o Original configuration [false] -l Last saved configuration [true]
Display Certificate Details:
The "info" option may be used to print relevant fields from the named certificate (or current certificate, if not specified).
[root@hostname]# cmc_cert_util info -hv usage: cmc_cert_util info [-h] [-v] [<prefix>] info