Univention Bugzilla – Bug 39179
Install UCS Root CA cert as trusted certificate on all hosts in the domain
Last modified: 2016-12-21 15:32:52 CET
Currently the UCS root CA is not installed at least on the DC master automatically. This causes that "wget https://$(hostname -f)" fails. Workaround: ln -s /usr/local/share/ca-certificates/CAcert.pem /etc/univention/ssl/ucsCA/CAcert.pem update-ca-certificates
(In reply to Florian Best from comment #0) > ln -s /usr/local/share/ca-certificates/CAcert.pem /etc/univention/ssl/ucsCA/CAcert.pem Arguments need to be swapped: ln -s <source> <target>
update-ca-certificates will only recognize files ending with *.crt as certificates. This one worked for me: > root@ucs-7927:~# ln -s /etc/univention/ssl/ucsCA/CAcert.pem /usr/local/share/ca-certificates/ucsCA.crt > root@ucs-7927:~# update-ca-certificates > Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. > Running hooks in /etc/ca-certificates/update.d....done. See also 2015093021000271
*** Bug 35611 has been marked as a duplicate of this bug. ***
This caused some confusion on Ticket#2015112421000635
This is also a problem when you built a local App Center on the DC Master and use it on a Member: ucr set repository/app_center/server=master.my.domain univention-app update will not work. Workaround: ucr set repository/app_center/server=http://master.my.domain
UCS-4.1-4: r74972 | Bug #39179 join: Register ucsCA as trusted CA r74971 | Bug #39179 SSL: Register ucsCA as trusted CA r74970 | Bug #39179 SSL: Stop extracting request for ucsCSA UCS-4.2-0: r74980 | Bug #39179 join: Register ucsCA as trusted CA r74979 | Bug #39179 SSL: Register ucsCA as trusted CA r74978 | Bug #39179 SSL: Stop extracting request for ucsCSA YAML: r74976 | Bug #39068,Bug #39179,Bug #42837: SSL Package: univention-ssl Version: 10.0.0-18.175.201612051532 Branch: ucs_4.1-0 Scope: errata4.1-4 Package: univention-join Version: 8.0.4-6.520.201612051533 Branch: ucs_4.1-0 Scope: errata4.1-4
OK - update ... Updating certificates in /etc/ssl/certs... 1 added, 0 removed; done. ... -> file /etc/ssl/certs/ucsCA.pem /etc/ssl/certs/ucsCA.pem: symbolic link to `/usr/local/share/ca-certificates/ucsCA.crt' OK - join -> file /etc/ssl/certs/ucsCA.pem /etc/ssl/certs/ucsCA.pem: ERROR: cannot open `/etc/ssl/certs/ucsCA.pem' (No such file or directory) -> univention-join -> file /etc/ssl/certs/ucsCA.pem /etc/ssl/certs/ucsCA.pem: symbolic link to `/usr/local/share/ca-certificates/ucsCA.crt' -> ls -la /usr/local/share/ca-certificates/ucsCA.crt lrwxrwxrwx 1 root staff 36 Dez 20 19:27 /usr/local/share/ca-certificates/ucsCA.crt -> /etc/univention/ssl/ucsCA/CAcert.pem OK - univention-ssl OK - univention-join OK - YAML OK - merged to 4.2-0
<http://errata.software-univention.de/ucs/4.1/361.html> <http://errata.software-univention.de/ucs/4.1/362.html>