Univention Bugzilla – Bug 43102
Docker Apps should gain access to the host's CA cert
Last modified: 2019-01-03 07:18:42 CET
Like Bug #42016, but for /etc/univention/ssl/ucsCA/CAcert.pem HostCaCertificateAccess=True We need this non appbox docker apps (e.g. ldaps/ldap-TLS to the UCS ldap server)
(In reply to Felix Botner from comment #0) > Like Bug #42016, but for /etc/univention/ssl/ucsCA/CAcert.pem > > HostCaCertificateAccess=True > > > We need this non appbox docker apps (e.g. ldaps/ldap-TLS to the UCS ldap > server) Please do it right and fix Bug #39179 instead!
(In reply to Philipp Hahn from comment #1) > (In reply to Felix Botner from comment #0) > > Like Bug #42016, but for /etc/univention/ssl/ucsCA/CAcert.pem > > > > HostCaCertificateAccess=True > > > > > > We need this non appbox docker apps (e.g. ldaps/ldap-TLS to the UCS ldap > > server) > > Please do it right and fix Bug #39179 instead! However Bug #39179 is fixed, we can't assume any docker container to be a "host in the domain". Some docker images may not be based on the appbox UCS image and never will be real hosts in the domain, so we need a way to access the root CA (either */ssl/ucsCA/CAcert.pem or */ca-certificates/ucsCA.crt) from the container. That is what this bug is about.
I was just asked by an ISV about this feature, reason was the same as comment 0: ldaps/ldap-TLS to the UCS ldap server
This issue has been filled against UCS 4.1. The maintenance with bug and security fixes for UCS 4.1 has ended on 5st of April 2018. Customers still on UCS 4.1 are encouraged to update to UCS 4.3. Please contact your partner or Univention for any questions. If this issue still occurs in newer UCS versions, please use "Clone this bug" or simply reopen the issue. In this case please provide detailed information on how this issue is affecting you.