Univention Bugzilla – Bug 35586
Integrate a full featured Public-Key-Infrastructure (PKI)
Last modified: 2019-10-10 21:24:27 CEST
Since more and more services allow a certificate based authentication and UCS already comes with its own Certificate Authority, uses X.509 certificates for host-to-host communication, ships univention-ssl und commandline tools to create certificates, we should consider to extend this to a full featured PKI. In comparison, Microsoft Windows Active Directory is able to provide such a PKI, that is even accessible through a web interface. For example users can issue their own certificate requests and the created client/user certificate is directly installed in the browsers certificate store. Active Directory Certificate Services: http://technet.microsoft.com/en-us/library/cc731523%28v=ws.10%29.aspx Enterprise PKI with Windows Server 2012 R2 Active Directory Certificate Services http://blogs.technet.com/b/yungchou/archive/2013/10/21/enterprise-pki-with-windows-server-2012-r2-active-directory-certificate-services-part-1-of-2.aspx There are certain extensions available for UCS, e.g. the Cool Solution for user certificates and some customer extensions for client certificates, but these are only partial solutions and mostly commandline based. Our RADIUS App could also benefit from client/user certificates.
I will back up this feature!
Such a feature is often asked for in the forums too. Please provide a detailed list of functions the PKI should provide. Please mark for each function in the list whether it should have a CLI and/or GUI interface and if it is must-have or nice-to-have.
This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016. Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.