Univention Bugzilla – Bug 44639
Include DNS Alias in SSL Certificate
Last modified: 2019-09-12 09:01:43 CEST
Currently only the FQDN (CNAME) is part of the SSL Certificate. It would be awesome when also Aliases are included. This should be the default.
Already implemented via Bug #44469.
But currently there is a race condition, which breaks the process in some cases:
- during the join the computer account and its DNS records are created.
- it needs time to get BIND to reload the modified zone, which happens asynchronously in the background and is delayed by UDLs 15s postrun phase.
- the certificate gets created before that is finished and might miss some CNAMEs.
*** This bug has been marked as a duplicate of bug 44469 ***