Bug 38086 – Missing UCS-CA integration

Bug 38086 - Missing UCS-CA integration


Summary:	Missing UCS-CA integration

Status:	RESOLVED WONTFIX

Product:	UCS
Classification:	Unclassified
Component:	PostgreSQL
Version:	UCS 4.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.0-x
Assigned To:	UCS maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2015-03-19 12:18 CET by Philipp Hahn
Modified:	2019-01-03 07:16 CET (History)
CC List:	3 users (show)

See Also:	39179
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	2: Will only affect a few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Philipp Hahn

2015-03-19 12:18:25 CET

A newly installed univention-postgres uses the snakeoil-CA instead of the UCS-CA:

# find /var/lib/postgresql/ -name server.\* -ls
396410    0 lrwxrwxrwx   1 root     root           36 Mär 19 11:51 /var/lib/postgresql/8.4/main/server.crt -> /etc/ssl/certs/ssl-cert-snakeoil.pem
396417    0 lrwxrwxrwx   1 root     root           38 Mär 19 11:51 /var/lib/postgresql/8.4/main/server.key -> /etc/ssl/private/ssl-cert-snakeoil.key

Those symlins are created by "/usr/bin/pg_createcluster" if "/etc/ssl/certs/ssl-cert-snakeoil.pem" exists, which is created when installing the package "ssl-cert", which "postfix" and "postgresql-*" depend on.


See <http://www.postgresql.org/docs/9.1/static/ssl-tcp.html> for more information about setting up PostgreSQL for SSL.


FYI: /etc/postgresql-common/root.crt is only required for client-side authentication with SSL.

Comment 1 Stefan Gohmann

2019-01-03 07:16:59 CET

This issue has been filled against UCS 4.0. The maintenance with bug and security fixes for UCS 4.0 has ended on 31st of May 2016.

Customers still on UCS 4.0 are encouraged to update to UCS 4.3. Please contact
your partner or Univention for any questions.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.