Bug 38611 – Change of SSL certificates quite difficult

Bug 38611 - Change of SSL certificates quite difficult


Summary:	Change of SSL certificates quite difficult

Status:	CLOSED WONTFIX

Product:	Z_Univention Corporate Client (UCC)
Classification:	Unclassified
Component:	Client management
Version:	UCC 2.0
Hardware:	Other Linux

Importance:	P5 normal
Target Milestone:	UCC 2.x
Assigned To:	UCC maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-05-27 12:19 CEST by Tim Petersen
Modified:	2023-06-28 10:33 CEST (History)
CC List:	4 users (show)

See Also:
What kind of report is it?:	---
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Petersen

2015-05-27 12:19:09 CEST

If the SSL certificates are expired it is quite hard to roll out the new versions.
Scp is not sufficient because the images are mounted ro per default.
You cannot change this for each client by central management tools (UMC module) because this depends on a working LDAP connection.
As the mount option is checked pre-boot it is also not sufficient to scp the new ceritificates and then change mount option via UMC afterwards.

The only way to do it seems to change the mount options via kernel cmdline to mount=rw locally, reboot, scp certificates.

Comment 1 Ingo Steuwer

2020-06-19 16:56:10 CEST

UCC 1.x / 2.x is out of maintenance. In case this Bug is still relevant please clone with the correct version.