Resolved
0 votes
Hello all,

I've a project for my school where I've to import more than 1'000 people in my ClearOS system. These people come from an export of my government's AD export. I'll receive this export every night and I'll have to synchronize it with my ClearOS LDAP.
This part works fine; thanks to all (especially Nick) for their help.
When I receive the export file from my government, passwords are not included so, when I create a new user in my ClearOS, I give it a temporary password. Then, this user has to connect to the webconsole to change it.
My last problem is here. For now, I've a self-signed certificate and every time they try to connect they get errors, warnings, etc. because of the self-signed certificate. As I don't want to receive hundreds of phone calls from users requesting some help because of that, I'd like to solve that. According to the other posts of this forum, it seems that the only way is using a certificate like Let's Encrypt. But here again, I've a problem because my server has no access from the outside because of my government's restrictions (it's a standard server, not a gateway).

So, maybe the only way would be to generate a certificate from another server connected to the domain and import it into my ClearOS (with the correct domain name, of course)?
Can someone confirm that, or give me another way to solve my problem?
Thanks to all for your help :)
Saturday, March 14 2020, 10:33 AM
Responses (6)
  • Accepted Answer

    Sunday, March 15 2020, 03:09 PM - #Permalink
    Resolved
    0 votes
    This way sounds very good!! Thanks very very much Nick :D
  • Accepted Answer

    Sunday, March 15 2020, 08:46 AM - #Permalink
    Resolved
    0 votes
    All you need is for your server to respond to the name on the certificate, and then use the name on the certificate to access your server. It may mean just adding a DNS entry. E.g. if you owned the domain arnaud.com and created a certificate for clearos.arnaud.com and put it on ClearOS in your school, then put an entry in the DNS server for your_school_clearos_lan_IP to clearos.arnaud.com. As long as your students were using ClearOS as the DNS server and accessing ClearOS using clearos.arnaud.com, then they would not get a certificate error. The same goes if you use your school's wildcard certificate. It does not matter what your actual LAN is called.
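The name-matching rule from the answer above, as an added example that is not part of the original thread: it checks which host names a certificate covers and whether the LAN DNS can resolve them. The host label `clearos`, the LAN address and the helper names are assumptions; the wildcard handling follows the single-label rule of RFC 6125.

```python
# Added example (not from the thread): which names a certificate covers,
# following the single-label wildcard rule of RFC 6125.

def san_matches(pattern, hostname):
    """True if one dNSName entry of a certificate covers hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # accept "*" only as the whole left-most label, never "*.ch"
        if len(p) < 3 or not h[0]:
            return False
        return p[1:] == h[1:]
    return p == h

def cert_covers(san_list, hostname):
    """True if any entry in the certificate's SAN list covers hostname."""
    return any(san_matches(s, hostname) for s in san_list)

def check_plan(san_list, dns_records, url_host):
    """List what would still cause a browser warning or a failed lookup."""
    problems = []
    if url_host.lower() not in dns_records:
        problems.append("no DNS entry for " + url_host)
    if not cert_covers(san_list, url_host):
        problems.append("certificate does not cover " + url_host)
    return problems

# Constructed sample data: a wildcard for the school's public domain and
# one LAN DNS record pointing at the ClearOS box (address is made up).
WILDCARD_SANS = ["*.myschool.ch"]
LAN_DNS = {"clearos.myschool.ch": "192.168.1.10"}

if __name__ == "__main__":
    for host in ("clearos.myschool.ch", "clearos.myschool.lan",
                 "clearos.local.myschool.ch"):
        issues = check_plan(WILDCARD_SANS, LAN_DNS, host)
        print(host, "->", "OK" if not issues else "; ".join(issues))
```

A wildcard for `*.myschool.ch` covers `clearos.myschool.ch` but not a host one level deeper such as `clearos.local.myschool.ch`, so a nested local subdomain would need its own certificate entry.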
  • Accepted Answer

    Saturday, March 14 2020, 10:20 PM - #Permalink
    Resolved
    0 votes
    Thanks Nick,

    Yes, that's what I would like to do because the provider of the school's domain can create a wildcard certificate. But given that my school owns the following domain: myschool.ch; can my local subdomain be something like local.myschool.ch? Because for now, my ClearOS domain is myschool.lan. Of course, I'll have to change the domain name in my ClearOS, but can I do that?

    thanks :)
  • Accepted Answer

    Saturday, March 14 2020, 08:06 PM - #Permalink
    Resolved
    0 votes
    You could use your own domain for the cert, but you'd then have to use the same domain at your school. Can your school not supply a valid certificate? Perhaps a wildcard certificate?
  • Accepted Answer

    Saturday, March 14 2020, 06:41 PM - #Permalink
    Resolved
    0 votes
    Thanks Nick. For Let's Encrypt, that's why I was asking if I could create the certificate using a server (with my domain) connected to the internet and then import these certificates into my ClearOS ...

    I found that post from 2018 which sounds interesting about that ...

    If I've no choice, I'll have to follow your howto ;)
  • Accepted Answer

    Saturday, March 14 2020, 05:47 PM - #Permalink
    Resolved
    0 votes
    For Let's Encrypt, it needs to be able to connect to you by your domain name to verify you own the domain. This will probably become insurmountable.

    Have you seen this howto? I have not had much success. I have a feeling in a domain you have to use a group policy, but I don't know which.