Univention Bugzilla – Bug 42837
univention-certificate runs only on DC master, does not generate certificates when installed during DVD installation
Last modified: 2016-12-21 15:32:57 CET
From Bug #42500 Appliance test: Failed, I've created an appliance while quitting system setup via CTRL-Q. Afterwards, I don't have HTTPS for the Appliance setup, only HTTP. I guess that is not correct. When installing from DVD, univention-ssl gets installed, but does not create certificates in its postinst, because no server role is defined yet. That causes the univention-apache postinst to not activate ssl and default-ssl. The certificate will be generated in the system-setup scripts, ssl and default-ssl will be activated in 08univention-apache.inst, so normal UCS DVD installations should not be affected
Introduced by bug 24094 r70558
This also causes the following regression (feedback 2016111221000165): When installing from ISO in text installer mode, a message is shown when system-setup is prepared, to access the system via https://<ip>. But only http works, as no certificate was created and ssl is not activated for apache2
4.1-4: r74969 | Bug #42837 SSL: Allow usage on basesystem or unjoined systems 4.2-0: r74977 | Bug #42837 SSL: Allow usage on basesystem or unjoined systems YAML: r74976 | Bug #39068,Bug #39179,Bug #42837: SSL Package: univention-ssl Version: 10.0.0-18.175.201612051532 Branch: ucs_4.1-0 Scope: errata4.1-4
-> ucr unset server/role -> univention-certificate new -name backup Creating certificate: backup -> ucr set server/role=basesystem -> univention-certificate new -name backup Creating certificate: backup -> ucr set server/role=domaincontroller_master -> univention-certificate new -name backup Creating certificate: backup -> ucr set server/role=domaincontroller_backup (domaincontroller_slave member, ...) : Works only on the DC master OK - univention-ssl OK - YAML OK - merged to 4.2-0 removed 3 from yaml version (4.1-3 is no longer maintained)
<http://errata.software-univention.de/ucs/4.1/361.html>