Welcome to OCS Inventory NG community support, where you can ask questions and receive answers from other members of the community.

Please ask questions only in English or French.

Release 2.11.1 available

The official documentation can be found on http://wiki.ocsinventory-ng.org. Read it before asking your question.

certificate for SSL

Every year I have to change the company's digital certificate, so whenever I change the SSL, I have to change all the clients to report, they have to use a certificate for each one.

My server is Linux

in OCS Inventory NG server for Unix by (120 points)

1 Answer

0 votes
The security of SSL for GLPI is very low : the agent is installed with a certificate file (cacert.pem), and this certificate is the public certificate of web server. So it's really easy to get the certificate file.

So, you have 2 choice : use certificate (and a long duration certificate), or not use certificate. (I choose the second choice).

With a certificate, you have the problem of distribution of this certificate : if client certificate is not the same of web server, you can't execute an OCS package for changing certificate, and also, you can't change certificate too early ...

If you want really a certificate, you could use a long self-signed certificate : for agent, it's ok : there is no check of self-signed.

Also, you have a solid trick (but very unsecure) : write a small program to get public certificate and write to cacert.pem. (tips : try openssl)
by (19.5k points)
edited by
 
Powered by Question2Answer
...