Univention Bugzilla – Bug 52879
cups uses self signed certificate instead of ucs-ca-signed certificate
Last modified: 2023-06-13 18:16:41 CEST
In a default installation, CUPS does not use the provided ucs-ca signed certificate, but generates its own new one. Sample output of /etc/cups/ssl: example1.example.net.crt example1.example.net.key server.crt -> /etc/univention/ssl/example1.example.net/cert.pem server.key -> /etc/univention/ssl/example1.example.net/private.key It seems that we basically want to use the ucs-certificate, but a suitable configuration parameter is still missing You can reproduce this by installing a default cups-setup (univention-app install cups), then open https://<YOUR.SERVER.URL>:631, and then just simply check the certificate within your browser.
Patch proposal from last Hackathon: * https://git.knut.univention.de/univention/ucs/-/commit/f23f78a8d270242a7e6e91ac45755aeeeae33f55
(In reply to Arvid Requate from comment #1) > Patch proposal from last Hackathon: > * > https://git.knut.univention.de/univention/ucs/-/commit/ > f23f78a8d270242a7e6e91ac45755aeeeae33f55 → which is part of branch arequate/ipp-everywhere and since rebase it's f23f78a8d270242a7e6e91ac45755aeeeae33f55