![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Create server certificate
1.Select the newly created CA in the YaST2 CA management module.
2.Press "Enter CA".
3.Enter the CA password.
4.Select the Certificates tab.
5.Click on "Add" and choose Server Certificate.
6.Provide the requested data:
7.For Common Name put in the fully qualified domain name of the server (FQDN) of the server, for example "smt-server.example.net". This is mandatory! NOTE: If you are recreating the CA because of a server name or domain change for the SMT server do not forget to also change the url setting in the /etc/smt.conf file.
8.Add an valid email address of the server administrator and press "Add".
9.Press "Next".
10.Here it is possible to either use the CA password for the server certificate or a different one. Also key length and validity may be changed.
11.Add DNS hostname and IP address to Subject Alternative Name. Adding the IP is optional, but the DNS hostname (as the FQDN) must be added, else the certificate will not accepted on all implementations. Adding the IP address has the advantage that clients also could use IP to connect to SMT server, but as IP might change, DNS hostname should be preferred . Add additional DNS hostnames and IP addresses of the SMT server if needed.
◦Select 'Advanced Options'.
◦Select 'Subject Alt Name' (not to be confused with Issuer Alt Name!!).
◦Select 'Add'.
◦Choose 'DNS' and put int the hostname (FQDN) of the server
◦Choose 'IP' and put in the IP address of the server.
12.Select 'Next' to get to an overview over the certificate.
CREATE
TAB to highlight newly created certificate
Export the certificate as common server certificate, so that the http server apache uses it
1.On the certificates tab locate the "Export" button.
2.Select "Export as common server certificate".
3.Enter the password that was chosen for the server certificate.
4.A message "Certificate has been written as common server certificate" will be displayed.
Export the CA certificate to the smt.crt file
1.In the YaST2 CA management module change to the "Description" tab and select "Advanced / Export to File".
2.Select "Only the Certificate in PEM Format" and enter "/srv/www/htdocs/smt.crt" as the filename.
3.Select "Ok" to export the file.
4.Leave YaST.
Restart SMT
1.Restart the smt server by entering "rcsmt restart" into the root shell. This will also restart the http server apache on SMT 11/10, so that apache uses the new certificate.
NOTE: on SMT 12 SP1/2/3 servers run
systemctl restart smt.service
and
systemctl restart apache2
1.Select the newly created CA in the YaST2 CA management module.
2.Press "Enter CA".
3.Enter the CA password.
4.Select the Certificates tab.
5.Click on "Add" and choose Server Certificate.
6.Provide the requested data:
7.For Common Name put in the fully qualified domain name of the server (FQDN) of the server, for example "smt-server.example.net". This is mandatory! NOTE: If you are recreating the CA because of a server name or domain change for the SMT server do not forget to also change the url setting in the /etc/smt.conf file.
8.Add an valid email address of the server administrator and press "Add".
9.Press "Next".
10.Here it is possible to either use the CA password for the server certificate or a different one. Also key length and validity may be changed.
11.Add DNS hostname and IP address to Subject Alternative Name. Adding the IP is optional, but the DNS hostname (as the FQDN) must be added, else the certificate will not accepted on all implementations. Adding the IP address has the advantage that clients also could use IP to connect to SMT server, but as IP might change, DNS hostname should be preferred . Add additional DNS hostnames and IP addresses of the SMT server if needed.
◦Select 'Advanced Options'.
◦Select 'Subject Alt Name' (not to be confused with Issuer Alt Name!!).
◦Select 'Add'.
◦Choose 'DNS' and put int the hostname (FQDN) of the server
◦Choose 'IP' and put in the IP address of the server.
12.Select 'Next' to get to an overview over the certificate.
CREATE
TAB to highlight newly created certificate
Export the certificate as common server certificate, so that the http server apache uses it
1.On the certificates tab locate the "Export" button.
2.Select "Export as common server certificate".
3.Enter the password that was chosen for the server certificate.
4.A message "Certificate has been written as common server certificate" will be displayed.
Export the CA certificate to the smt.crt file
1.In the YaST2 CA management module change to the "Description" tab and select "Advanced / Export to File".
2.Select "Only the Certificate in PEM Format" and enter "/srv/www/htdocs/smt.crt" as the filename.
3.Select "Ok" to export the file.
4.Leave YaST.
Restart SMT
1.Restart the smt server by entering "rcsmt restart" into the root shell. This will also restart the http server apache on SMT 11/10, so that apache uses the new certificate.
NOTE: on SMT 12 SP1/2/3 servers run
systemctl restart smt.service
and
systemctl restart apache2
