First Last Prev Next    This bug is not in your last search results.
Bug 47608 - broken certificate infrastructure during appliance setup
broken certificate infrastructure during appliance setup
Status: RESOLVED WONTFIX
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.3
Other Linux
: P5 normal with 2 votes (vote)
: ---
Assigned To: App Center maintainers
App Center maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-08-17 13:08 CEST by Felix Botner
Modified: 2021-05-14 16:34 CEST (History)
2 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.091
Enterprise Customer affected?:
School Customer affected?:
ISV affected?: Yes
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Botner univentionstaff 2018-08-17 13:08:49 CEST 
During the setup we use a "dummy" certificate infrastructure (unassigned-hostname.unassigned-domain)

In the App Appliance mode this can cause problem during the app installation (nextcloud). 

(1).

 * the root CA of the "dummy" certificate infrastructure is not stored
   in the globle certificate store (/usr/local/share/ca-certificates/, 
   update-ca-certificates)

(2).

 * But even if this would be the case, the certificate subject name does 
   not matches the hostname at the time the apps is installed, because now the
   system has correct "setup" hostname and domain (no longer 
   unassigned-hostname.unassigned-domain)
Comment 1 Nico Gulden univentionstaff 2018-08-21 12:32:34 CEST 
This situation causes a workaround in the Nextcloud app setup. They have a detection for appliance setup and send curl insecure requests. See https://github.com/nextcloud/univention-app/blob/b3bdd7f4b98c6337c2cb2e3f5055ffea1a9bb776/inst#L64
Comment 2 Ingo Steuwer univentionstaff 2021-05-14 15:42:05 CEST 
This issue has been filed against UCS 4.3.

UCS 4.3 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.
First Last Prev Next    This bug is not in your last search results.