Bug 47608 - broken certificate infrastructure during appliance setup
broken certificate infrastructure during appliance setup
Status: NEW
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.3
Other Linux
: P5 normal with 2 votes (vote)
: ---
Assigned To: App Center maintainers
App Center maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-17 13:08 CEST by Felix Botner
Modified: 2019-03-16 22:03 CET (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?:
School Customer affected?:
ISV affected?: Yes
Waiting Support:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2018-08-17 13:08:49 CEST
During the setup we use a "dummy" certificate infrastructure (unassigned-hostname.unassigned-domain)

In the App Appliance mode this can cause problem during the app installation (nextcloud). 

(1).

 * the root CA of the "dummy" certificate infrastructure is not stored
   in the globle certificate store (/usr/local/share/ca-certificates/, 
   update-ca-certificates)

(2).

 * But even if this would be the case, the certificate subject name does 
   not matches the hostname at the time the apps is installed, because now the
   system has correct "setup" hostname and domain (no longer 
   unassigned-hostname.unassigned-domain)
Comment 1 Nico Gulden univentionstaff 2018-08-21 12:32:34 CEST
This situation causes a workaround in the Nextcloud app setup. They have a detection for appliance setup and send curl insecure requests. See https://github.com/nextcloud/univention-app/blob/b3bdd7f4b98c6337c2cb2e3f5055ffea1a9bb776/inst#L64