Bug 35586 - Integrate a full featured Public-Key-Infrastructure (PKI)
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: General
UCS 4.0
Other Linux
P5 enhancement with 6 votes
Assigned To: UCS maintainers
Reported: 2014-08-08 15:49 CEST by Michael Grandjean
Modified: 2019-10-10 21:24 CEST

What kind of report is it?: Feature Request
Enterprise Customer affected?: Yes
Ticket number: 2017032021000618, 2017032121000241
Bug group (optional): Roadmap discussion (moved)
Description Michael Grandjean univentionstaff 2014-08-08 15:49:50 CEST
Since more and more services allow certificate-based authentication and UCS already comes with its own Certificate Authority, uses X.509 certificates for host-to-host communication, and ships univention-ssl and command-line tools to create certificates, we should consider extending this to a full-featured PKI.

In comparison, Microsoft Windows Active Directory is able to provide such a PKI that is even accessible through a web interface. For example, users can issue their own certificate requests and the created client/user certificate is directly installed in the browser's certificate store.

Active Directory Certificate Services:
http://technet.microsoft.com/en-us/library/cc731523%28v=ws.10%29.aspx

Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services
http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx

There are certain extensions available for UCS, e.g. the Cool Solution for user certificates and some customer extensions for client certificates, but these are only partial solutions and mostly command-line based.

Our RADIUS App could also benefit from client/user certificates.
Comment 1 Cord Martens univentionstaff 2014-08-08 16:02:18 CEST
I will back up this feature!
Comment 2 Daniel Tröder univentionstaff 2017-03-24 09:36:06 CET
Such a feature is often asked for in the forums too.

Please provide a detailed list of functions the PKI should provide.
Please mark for each function in the list whether it should have a CLI and/or GUI interface and if it is must-have or nice-to-have.
Comment 3 Stefan Gohmann univentionstaff 2019-01-03 07:17:27 CET
This issue has been filed against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016.

Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.