Univention Bugzilla – Bug 47608
broken certificate infrastructure during appliance setup
Last modified: 2021-05-14 16:34:21 CEST
During the setup we use a "dummy" certificate infrastructure (unassigned-hostname.unassigned-domain) In the App Appliance mode this can cause problem during the app installation (nextcloud). (1). * the root CA of the "dummy" certificate infrastructure is not stored in the globle certificate store (/usr/local/share/ca-certificates/, update-ca-certificates) (2). * But even if this would be the case, the certificate subject name does not matches the hostname at the time the apps is installed, because now the system has correct "setup" hostname and domain (no longer unassigned-hostname.unassigned-domain)
This situation causes a workaround in the Nextcloud app setup. They have a detection for appliance setup and send curl insecure requests. See https://github.com/nextcloud/univention-app/blob/b3bdd7f4b98c6337c2cb2e3f5055ffea1a9bb776/inst#L64
This issue has been filed against UCS 4.3. UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.