diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
index bd73a4c..47fdb08 100644
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/umc/python/setup/util.py
@@ -358,8 +358,10 @@ def run_scripts( progressParser, restartServer = False ):
 	subprocess.call( CMD_DISABLE_EXEC, stdout = f, stderr = f )
 
 	for scriptpath in sorted_files_in_subdirs( PATH_SETUP_SCRIPTS ):
+		try:
 			# launch script
 			MODULE.info('Running script %s\n' % scriptpath)
+			f.write('Running script %s\n' % (scriptpath,))
 			p = subprocess.Popen( scriptpath, stdout = subprocess.PIPE, stderr = subprocess.STDOUT )
 			while True:
 				line = p.stdout.readline()
@@ -367,7 +369,11 @@ def run_scripts( progressParser, restartServer = False ):
 					break
 				progressParser.parse( line )
 				f.write( line )
-			p.wait()
+			rv = p.wait()
+			f.write('Finished script %s: %d\n' % (scriptpath, rv))
+		except Exception as ex:
+			f.write('Exception script %s: %s\n' % (scriptpath, ex))
+			raise
 
 	# enable execution of servers again
 	subprocess.call(CMD_ENABLE_EXEC, stdout=f, stderr=f)
diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
index 923b0d6..00c3d80 100644
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
@@ -30,12 +30,12 @@
 # /usr/share/common-licenses/AGPL-3; if not, see
 # <http://www.gnu.org/licenses/>.
 
-force_recreate=0
+recreate=false
 
 while [ "$#" -gt 0 ]; do
-	case $1 in
+	case "$1" in
 		--force-recreate)
-			force_recreate=1
+			recreate=true
 			shift 1
 			;;
 		*)
@@ -69,12 +69,13 @@ for var in "common" "locality" "organization" "country" "state" "organizationalu
 	new="new_ssl_$var"
 
 	if [ -n "${!new}" -a "${!old}" != "${!new}" ]; then
-		recreate="yes"
+		recreate=true
 		break
 	fi
 done
 
-if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
+if "$recreate"
+then
 	# remove old backup
 	if [ -d /etc/univention/ssl.orig ]; then
 		rm -rf /etc/univention/ssl.orig
@@ -90,35 +91,28 @@ if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
 
 	# set UCR variables
 	for var in "common" "locality" "organization" "country" "state" "organizationalunit" "email"; do
-		old="ssl_$var"
 		new="new_ssl_$var"
 		if [ -n "${!new}" ]; then
-			univention-config-registry set "${old/_//}=${!new}"
+			echo "ssl/$var=${!new}"
 		fi
-	done
+	done | xargs -r -d'\n' univention-config-registry set
 
 	# create new CA und certificates
 	. /usr/share/univention-ssl/make-certificates.sh
 	init
 	(
 		cd /etc/univention/ssl.orig
-		for fqdn in *; do
+		for fqdn in *.*
+		do
 			# just check directories for certificates
-			if [ ! -d "$fqdn" ]; then
-				continue
-			fi
-			# ignore ucsCA and directory not containing a dot
-			if [ "$fqdn" = "ucsCA" ] || ! echo "$fqdn" | grep '\.' &>/dev/null; then
-				continue
-			fi
+			[ -d "$fqdn" ] || continue
 			# if there is no certificate, ignore it
-			if [ ! -e "$fqdn/cert.pem" ]; then
-				continue
+			[ -e "$fqdn/cert.pem" ] || continue
+			univention-certificate new -name "$fqdn"
+			if [ "$fqdn" -ne "${fqdn%.$domainname}" ]
+			then
+				ln -sf "$fqdn" "/etc/univention/ssl/${fqdn%%.*}"
 			fi
-			# get the hostname
-			host=$(echo $fqdn | sed 's/\([^.]*\)\..*/\1/')
-			univention-certificate new -name $fqdn
-			ln -sf /etc/univention/ssl/$host.$domainname /etc/univention/ssl/$host
 		done
 	)
 
@@ -126,15 +120,13 @@ if [ "$recreate" = "yes" -o "$force_recreate" = "1" ]; then
 	for file in cert.pem private.key; do
 		if [ -e "/var/lib/cyrus/$file" ]
 		then
-			cp /etc/univention/ssl/$hostname.$domainname/$file /var/lib/cyrus/$file
-			chown cyrus /var/lib/cyrus/$file
-			chmod 600 /var/lib/cyrus/$file
+			install -o cyrus -m 600 "/etc/univention/ssl/$hostname.$domainname/$file" "/var/lib/cyrus/$file"
 		fi
 	done
 
 	# restart services
 	for service in slapd apache2 cyrus postfix; do
-		invoke-rc.d --quiet $service restart
+		invoke-rc.d --quiet "$service" restart
 	done
 fi
 
diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst b/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst
index faf6cee..f8317f4 100644
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-server/debian/univention-server-master.preinst
@@ -47,7 +47,7 @@ if [ -n "$hostname" -a -n "$domainname" ]; then
 	if ! test -e /etc/univention/ssl/$hostname/cert.pem; then
 		. /usr/share/univention-ssl/make-certificates.sh
 		gencert "$hostname.$domainname" "$hostname.$domainname"
-		ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+		ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 	fi
 fi
 
diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst b/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst
index 98f2740..790c737 100755
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-ssl/debian/univention-ssl.postinst
@@ -77,7 +77,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
 		. /usr/share/univention-ssl/make-certificates.sh
 		init
 		univention-certificate new -name "$hostname.$domainname"
-		ln -sf "/etc/univention/ssl/$hostname.$domainname" "/etc/univention/ssl/$hostname"
+		ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 	else
 		echo "skipped. SSL Certificate found in $CERTPATH"
 	fi
@@ -91,7 +91,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
 fi
 
 if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
-	ln -sf "/etc/univention/ssl/$hostname.$domainname" "/etc/univention/ssl/$hostname"
+	ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 fi
 
 # update to 3.1
diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
index 3c5b7dc..f028ae2 100644
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
@@ -258,9 +258,9 @@ if [ "$server_role" != "basesystem" ]; then
 
 		if [ -d /etc/cups/ssl ]; then
 			rm -f /etc/cups/ssl/server.crt
-			ln -s /etc/univention/ssl/$new_hostname.$domainname/cert.pem /etc/cups/ssl/server.crt
+			ln -s "/etc/univention/ssl/$new_hostname.$domainname/cert.pem" /etc/cups/ssl/server.crt
 			rm -f /etc/cups/ssl/server.key
-			ln -s /etc/univention/ssl/$new_hostname.$domainname/private.key /etc/cups/ssl/server.key
+			ln -s "/etc/univention/ssl/$new_hostname.$domainname/private.key" /etc/cups/ssl/server.key
 		fi
 	fi
 
@@ -268,7 +268,7 @@ if [ "$server_role" != "basesystem" ]; then
 	echo `date` : "Create new host certificate"  >> /var/log/univention/setup.log
 
 	rm -f /etc/univention/ssl/$new_hostname
-	ln -sf /etc/univention/ssl/$new_hostname.$domainname /etc/univention/ssl/$new_hostname
+	ln -sf "$new_hostname.$domainname" /etc/univention/ssl/$new_hostname
 
 
 	if [ -d "/var/lib/cyrus/" ]; then
diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
index 96a45ef..3ae8835 100644
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
@@ -207,7 +207,7 @@ if [ "$server_role" = "domaincontroller_master" ]; then  # create the new certif
 	rm -rf /etc/univention/ssl/univention-directory-manager.$old_domainname
 	univention-certificate new -name "univention-directory-manager.$new_domainname"
 	rm -f /etc/univention/ssl/univention-directory-manager
-	ln -sf /etc/univention/ssl/univention-directory-manager.$new_domainname /etc/univention/ssl/univention-directory-manager
+	ln -sf "univention-directory-manager.$new_domainname" /etc/univention/ssl/univention-directory-manager
 elif [ "$server_role" != "basesystem" ]; then # download certificate from master
 	if [ -x "/usr/sbin/univention-scp" ]; then
 		echo `date` : "Download host certificate"  >> /var/log/univention/setup.log
@@ -232,7 +232,7 @@ fi
 
 if [ "$server_role" != "basesystem" ]; then
 	rm -f /etc/univention/ssl/$hostname
-	ln -sf /etc/univention/ssl/$hostname.$new_domainname /etc/univention/ssl/$hostname
+	ln -sf "$hostname.$new_domainname" "/etc/univention/ssl/$hostname"
 
 	if [ -d "/etc/univention/ssl/$hostname.$new_domainname" ]; then
 		echo `date` : "Include new host certificate for Cyrus"  >> /var/log/univention/setup.log
diff --git a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
index 58c9da5..1f3096a 100755
--- a/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
+++ b/branches/ucs-3.2/ucs-3.2-0/base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
@@ -151,7 +151,7 @@ if [ "$server_role" = "domaincontroller_master" ]; then
 fi
 
 univention-certificate new -name "$hostname.$domainname"
-ln -sf "/etc/univention/ssl/$hostname.$domainname" "/etc/univention/ssl/$hostname"
+ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 
 run-parts /usr/lib/univention-system-setup/scripts/45_modules/
 
diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
index d03deba..2ff2bee 100755
--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
@@ -77,12 +77,12 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
 		# Bug #13549
 		rdate time.fu-berlin.de || rdate 130.133.1.10 || true
 
-		. /usr/share/univention-ssl/make-certificates.sh;
-		init;
+		. /usr/share/univention-ssl/make-certificates.sh
+		init
 		univention-certificate new -name $hostname.$domainname
-		ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+		ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 	else
-		echo "skipped. SSL Certificate found in $CERTPATH ";
+		echo "skipped. SSL Certificate found in $CERTPATH "
 	fi
 fi
 
@@ -94,7 +94,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
 fi
 
 if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
-	ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+	ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 fi
 
 if [ "$1" = "$configure" -a -z "$2" ]; then
diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
index d095b16..40f5e10 100755
--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
@@ -78,7 +78,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
 		. /usr/share/univention-ssl/make-certificates.sh;
 		init;
 		univention-certificate new -name $hostname.$domainname
-		ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+		ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 	else
 		echo "skipped. SSL Certificate found in $CERTPATH ";
 	fi
@@ -92,7 +92,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
 fi
 
 if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
-	ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+	ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 fi
 
 if [ "$1" = "$configure" -a -z "$2" ]; then
diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst
index d095b16..40f5e10 100755
--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst
+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0013-2/debian/postinst
@@ -78,7 +78,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
 		. /usr/share/univention-ssl/make-certificates.sh;
 		init;
 		univention-certificate new -name $hostname.$domainname
-		ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+		ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 	else
 		echo "skipped. SSL Certificate found in $CERTPATH ";
 	fi
@@ -92,7 +92,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
 fi
 
 if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
-	ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+	ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 fi
 
 if [ "$1" = "$configure" -a -z "$2" ]; then
diff --git a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst
index d095b16..40f5e10 100755
--- a/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst
+++ b/branches/ucs-3.2/ucs-3.2-0/packaging/ucslint/testframework/0015-2/debian/postinst
@@ -78,7 +78,7 @@ if [ "$server_role" = "domaincontroller_master" ] || [ -z "$server_role" ] || [
 		. /usr/share/univention-ssl/make-certificates.sh;
 		init;
 		univention-certificate new -name $hostname.$domainname
-		ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+		ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 	else
 		echo "skipped. SSL Certificate found in $CERTPATH ";
 	fi
@@ -92,7 +92,7 @@ if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 1.3; then
 fi
 
 if [ "$1" = configure -a -n "$2" ] && dpkg --compare-versions "$2" lt 3.0.3-1; then
-	ln -sf /etc/univention/ssl/$hostname.$domainname /etc/univention/ssl/$hostname
+	ln -sf "$hostname.$domainname" "/etc/univention/ssl/$hostname"
 fi
 
 if [ "$1" = "$configure" -a -z "$2" ]; then