Bug 54935 – Document TLS certificate handling for Kelvin REST API

Bug 54935 - Document TLS certificate handling for Kelvin REST API


Summary:	Document TLS certificate handling for Kelvin REST API

Status:	NEW

Product:	UCS@school
Classification:	Unclassified
Component:	HTTP-API (Kelvin)
Version:	UCS@school 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS@school maintainers
QA Contact:

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2022-07-05 11:02 CEST by Nico Gulden
Modified:	2022-07-05 11:13 CEST (History)
CC List:	1 user (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	2: Improvement: Would be a product improvement
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.023
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Nico Gulden

2022-07-05 11:02:31 CEST

Document the handling of the TLS certificate for the Kelvin REST API:

* The certificate for the connection to a school authority locates at /var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/ssl_certs/<FQDN school authority>

* The file must include the matching root certificate to the school authority.

Optionally, the documentation could also cover how to handle the following cases:

* The school authority uses a commercial certificate for all vhosts in the Apache2 web server.

* The school authority system uses a custom certificate only for the Kelvin REST API.