Bug 44639 - Include DNS Alias in SSL Certificate
Include DNS Alias in SSL Certificate
Status: RESOLVED DUPLICATE of bug 44469
Product: UCS
Classification: Unclassified
Component: SSL
UCS 4.2
Other Linux
: P5 normal with 4 votes (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-18 16:08 CEST by Nico Stöckigt
Modified: 2019-09-12 09:01 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Feature Request
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Nico Stöckigt univentionstaff 2017-05-18 16:08:06 CEST
Currently only the FQDN (CNAME) is part of the SSL Certificate. It would be awesome when also Aliases are included. This should be the default.
Comment 1 Philipp Hahn univentionstaff 2019-09-12 09:01:43 CEST
Already implemented via Bug #44469.

But currently there is a race condition, which breaks the process in some cases:
- during the join the computer account and its DNS records are created.
- it needs time to get BIND to reload the modified zone, which happens asynchronously in the background and is delayed by UDLs 15s postrun phase.
- the certificate gets created before that is finished and might miss some CNAMEs.

*** This bug has been marked as a duplicate of bug 44469 ***