Univention Bugzilla – Bug 45610
"Signing of certificate signing requests" documentation incomplete
Last modified: 2024-04-17 13:16:26 CEST
https://docs.software-univention.de/domain-4.2.html#extdom:ssl:sign The "openssl.cnf" file uses several environment variables such as "$ENV::DEFAULT_CRL_DAYS" or "$ENV::DEFAULT_MD". If they're not set when "openssl ca …" is executed, then openssl will abort with an error message. The "extended domain services" documentation doesn't take those variables into account in section 3.2 "Signing of certificate signing requests by the UCS certificate authority", but it has to. Users do stumble across this discrepancy: https://help.univention.com/t/ucs-openssl-request-signing-error/7121/3
This bug hasn't seen any update for several years. I close it. If you still see a need for it, you can reopen the bug. Please add an argumentation about why it's important to take care of it.