Univention Bugzilla – Bug 53837
Improve documentation of Kelvin REST API regarding vhosts and SSL certificates
Last modified: 2021-09-24 16:19:31 CEST
The Kelvin REST API automatically connects to the FQDN found in UCRV "ldap/master" ("primary.ucs.local"). While it has a configuration option for using a custom SSL certificate, if a customer got a certificate signed by a public CA, that certificate will most likely not include the name UCS servers name in "ldap/master" but only the name intended for the public ("portal.school.de"). The solution to the problem is to create separate vhosts for the name in "ldap/master" ("primary.ucs.local") and the servers public name ("portal.school.de"): univention-add-vhost --ssl --cert /etc/univention/ssl/primary.ucs.local/cert.pem --private-key /etc/univention/ssl/primary.ucs.local/private.key --ca /etc/univention/ssl/ucsCA/CAcert.pem primary.ucs.local 443 Add a section about with this command to the Kelvin REST APIs documentation.