Bug 45610 - "Signing of certificate signing requests" documentation incomplete
"Signing of certificate signing requests" documentation incomplete
Status: NEW
Product: UCS extended documentation
Classification: Unclassified
Component: Domain services / LDAP
unspecified
Other Linux
: P5 normal (vote)
: ---
Assigned To: Docu maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-30 09:25 CET by Moritz Bunkus
Modified: 2017-10-30 09:25 CET (History)
0 users

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Bunkus 2017-10-30 09:25:27 CET
https://docs.software-univention.de/domain-4.2.html#extdom:ssl:sign

The "openssl.cnf" file uses several environment variables such as "$ENV::DEFAULT_CRL_DAYS" or "$ENV::DEFAULT_MD". If they're not set when "openssl ca …" is executed, then openssl will abort with an error message.

The "extended domain services" documentation doesn't take those variables into account in section 3.2 "Signing of certificate signing requests by the UCS certificate authority", but it has to.

Users do stumble across this discrepancy: https://help.univention.com/t/ucs-openssl-request-signing-error/7121/3