Univention Bugzilla – Bug 38611
Change of SSL certificates quite difficult
Last modified: 2023-06-28 10:33:29 CEST
If the SSL certificates are expired it is quite hard to roll out the new versions. Scp is not sufficient because the images are mounted ro per default. You cannot change this for each client by central management tools (UMC module) because this depends on a working LDAP connection. As the mount option is checked pre-boot it is also not sufficient to scp the new ceritificates and then change mount option via UMC afterwards. The only way to do it seems to change the mount options via kernel cmdline to mount=rw locally, reboot, scp certificates.
UCC 1.x / 2.x is out of maintenance. In case this Bug is still relevant please clone with the correct version.