Bug 42837 – univention-certificate runs only on DC master, does not generate certificates when installed during DVD installation

Bug 42837 - univention-certificate runs only on DC master, does not generate certificates when installed during DVD installation


Summary:	univention-certificate runs only on DC master, does not generate certificates...

Status:	CLOSED FIXED

Product:	UCS
Classification:	Unclassified
Component:	SSL
Version:	UCS 4.1
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS 4.1-4-errata
Assigned To:	Philipp Hahn
QA Contact:	Felix Botner

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2016-11-03 12:03 CET by Erik Damrose
Modified:	2016-12-21 15:32 CET (History)
CC List:	3 users (show)

See Also:
What kind of report is it?:	Bug Report
What type of bug is this?:	4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?:	1: Will affect a very few installed domains
How will those affected feel about the bug?:	2: A Pain – users won’t like this once they notice it
User Pain:	0.046
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2016111221000165
Bug group (optional):	External feedback
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Erik Damrose

2016-11-03 12:03:58 CET

From Bug #42500
Appliance test: Failed, I've created an appliance while quitting system setup via CTRL-Q. Afterwards, I don't have HTTPS for the Appliance setup, only HTTP. I guess that is not correct.

When installing from DVD, univention-ssl gets installed, but does not create certificates in its postinst, because no server role is defined yet. That causes the univention-apache postinst to not activate ssl and default-ssl.

The certificate will be generated in the system-setup scripts, ssl and default-ssl will be activated in 08univention-apache.inst, so normal UCS DVD installations should not be affected

Comment 1 Erik Damrose

2016-11-03 12:13:37 CET

Introduced by bug 24094 r70558

Comment 2 Erik Damrose

2016-11-18 09:35:23 CET

This also causes the following regression (feedback 2016111221000165): When installing from ISO in text installer mode, a message is shown when system-setup is prepared, to access the system via https://<ip>. But only http works, as no certificate was created and ssl is not activated for apache2

Comment 3 Philipp Hahn

2016-12-05 15:46:40 CET

4.1-4:
r74969 | Bug #42837 SSL: Allow usage on basesystem or unjoined systems
4.2-0:
r74977 | Bug #42837 SSL: Allow usage on basesystem or unjoined systems
YAML:
r74976 | Bug #39068,Bug #39179,Bug #42837: SSL

Package: univention-ssl
Version: 10.0.0-18.175.201612051532
Branch: ucs_4.1-0
Scope: errata4.1-4

Comment 4 Felix Botner

2016-12-20 19:08:09 CET

-> ucr unset server/role
-> univention-certificate new -name backup
Creating certificate: backup

-> ucr set server/role=basesystem
-> univention-certificate new -name backup
Creating certificate: backup

-> ucr set server/role=domaincontroller_master
-> univention-certificate new -name backup
Creating certificate: backup

-> ucr set server/role=domaincontroller_backup (domaincontroller_slave
member, ...)
: Works only on the DC master

OK - univention-ssl
OK - YAML
OK - merged to 4.2-0

removed 3 from yaml version (4.1-3 is no longer maintained)

Comment 5 Philipp Hahn

2016-12-21 15:32:57 CET

<http://errata.software-univention.de/ucs/4.1/361.html>