Univention Bugzilla – Bug 32763
univention-certificate renew fails if hostname is substring of other host
Last modified: 2017-02-17 17:50:25 CET
Assuming an environment with the following UCS-hosts: host.domain.tld anotherhost.domain.tld "univention-certificate renew -name host.domain.tld ..." will fail with "Error opening ucsCA/certs ..." because the the routine tries to handle non existing filenames. This is caused by the usage of grep (line 338) in function renew_cert of /usr/share/univention-ssl/make-certificates.sh as it also matches for "anotherhost.domain.tld". Line 387 in function revoke_cert shows the same problem.
*** Bug 11298 has been marked as a duplicate of this bug. ***
*** Bug 28493 has been marked as a duplicate of this bug. ***
Fixed since r64182: univention-certificate new -name host.domain.tld -days 10 univention-certificate new -name anotherhost.domain.tld -days 10 univention-certificate renew -name host.domain.tld -days 10 *** This bug has been marked as a duplicate of bug 38859 ***