Bug 44639

Summary: Include DNS Alias in SSL Certificate
Product: UCS Reporter: Nico Stöckigt <stoeckigt>
Component: SSLAssignee: UCS maintainers <ucs-maintainers>
Status: RESOLVED DUPLICATE QA Contact: UCS maintainers <ucs-maintainers>
Severity: normal    
Priority: P5 CC: b.reese, grandjean, hahn
Version: UCS 4.2   
Target Milestone: ---   
Hardware: Other   
OS: Linux   
See Also: https://forge.univention.org/bugzilla/show_bug.cgi?id=44469
What kind of report is it?: Feature Request What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: Yes ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score:

Description Nico Stöckigt univentionstaff 2017-05-18 16:08:06 CEST 
Currently only the FQDN (CNAME) is part of the SSL Certificate. It would be awesome when also Aliases are included. This should be the default.
Comment 1 Philipp Hahn univentionstaff 2019-09-12 09:01:43 CEST 
Already implemented via Bug #44469.

But currently there is a race condition, which breaks the process in some cases:
- during the join the computer account and its DNS records are created.
- it needs time to get BIND to reload the modified zone, which happens asynchronously in the background and is delayed by UDLs 15s postrun phase.
- the certificate gets created before that is finished and might miss some CNAMEs.

*** This bug has been marked as a duplicate of bug 44469 ***