Difference between revisions of "App Certificates"

From Univention Wiki

m (Botner moved page Docker Apps/Certificates to App Certificates: naming)
m
Line 1: Line 1:
 
[[Category:App Center Developer Guide]]
 
[[Category:App Center Developer Guide]]
sss
+
 
 +
Apps may need access to the UCS certificate infrastructure or need to be aware of changes to the certificates. Staring with UCS 4.3 erratum 91 the Univention App Center provides a simple way to manage certificates inside an App.
 +
 
 +
The new App Center command is called '''update-certificates''' and should
 +
 
 +
== When is update-certificates called? ==
 +
 
 +
'''update_certificates''' is automatically called during the installation and update of an App. But it can be called any time on the command line with:
 +
<pre>
 +
# update all apps
 +
-> univention-app update-certificates
 +
 
 +
# update app "abc"
 +
-> univention-app update-certificates abc
 +
</pre>
 +
 
 +
== What is being done in update-certificates? ==
 +
 
 +
=== All Apps ===
 +
 
 +
Every App can define a '''update_certificates''' script. This script is executed on the UCS system (the docker Host) upon the App Center ''update-certificates'''
 +
 
 +
=== Docker/Container Apps ===
 +
 
 +
Additionally the following steps executed for container Apps:
 +
* The UCS root CA certificate is copied to ''/usr/local/share/ca-certificates/ucs.crt'' inside the container
 +
* ''update-ca-certificates'' is executed inside the container (if existing)
 +
* The UCS root CA certificate is copied to ''/etc/univention/ssl/ucsCA/CAcert.pem'' inside the container
 +
* The docker host UCS certificate is copied to ''/etc/univention/ssl/docker-host-certificate/cert.pem|private.key'' and ''/etc/univention/ssl/$FQDN_DOCKER_HOST/cert.pem|private.key''
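Review bot: the added sentence "The new App Center command is called '''update-certificates''' and should" stops mid-sentence, so the revision never says what the command should do; complete it or drop the trailing "and should". The paragraph under "When is update-certificates called?" opens with '''update_certificates''' (the per-App script name) where the heading and the command examples use update-certificates, which blurs the command and the script. Under "All Apps" the markup ''update-certificates''' opens with two quotes and closes with three, and that sentence has no closing period. "Staring with UCS 4.3" should read "Starting with UCS 4.3". The last list item copies the docker host's private.key into the container without stating the resulting file owner and mode; that is worth documenting for App authors.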

Revision as of 11:51, 21 June 2018


Apps may need access to the UCS certificate infrastructure or need to be aware of changes to the certificates. Starting with UCS 4.3 erratum 91, the Univention App Center provides a simple way to manage certificates inside an App.

The new App Center command is called update-certificates and should

When is update-certificates called?

update_certificates is automatically called during the installation and update of an App. It can also be called at any time on the command line:

# update all apps
-> univention-app update-certificates

# update app "abc"
-> univention-app update-certificates abc

What is being done in update-certificates?

All Apps

Every App can define an update_certificates script. This script is executed on the UCS system (the Docker host) upon the App Center update-certificates command.

Docker/Container Apps

Additionally, the following steps are executed for container Apps:

  • The UCS root CA certificate is copied to /usr/local/share/ca-certificates/ucs.crt inside the container
  • update-ca-certificates is executed inside the container (if it exists)
  • The UCS root CA certificate is copied to /etc/univention/ssl/ucsCA/CAcert.pem inside the container
  • The docker host UCS certificate is copied to /etc/univention/ssl/docker-host-certificate/cert.pem|private.key and /etc/univention/ssl/$FQDN_DOCKER_HOST/cert.pem|private.key
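
A consistency check over the file locations listed above, added here as an example and not part of the Univention App Center. It assumes that "cert.pem|private.key" denotes the two files cert.pem and private.key in each directory, and that private keys should not be readable by group or others (the page does not state permissions); check_app_certs and its ROOT and FQDN arguments are hypothetical names.

```shell
#!/bin/sh
# Added example: audit the files update-certificates places in a container.
# check_app_certs ROOT FQDN -> prints findings, returns the number of problems.
# ROOT is the container's filesystem root ("/" when run inside the container),
# FQDN is the docker host's fully qualified name ($FQDN_DOCKER_HOST on the page).
check_app_certs() {
    root=${1%/} fqdn=$2 problems=0
    ssl="$root/etc/univention/ssl"
    ca_store="$root/usr/local/share/ca-certificates/ucs.crt"
    ca_ucs="$ssl/ucsCA/CAcert.pem"

    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    # Every path named on the page must exist and be non-empty.
    for f in "$ca_store" "$ca_ucs" \
             "$ssl/docker-host-certificate/cert.pem" \
             "$ssl/docker-host-certificate/private.key" \
             "$ssl/$fqdn/cert.pem" "$ssl/$fqdn/private.key"; do
        [ -s "$f" ] || fail "missing or empty: $f"
    done

    # Both CA paths are copies of the same UCS root CA, so they must match.
    cmp -s "$ca_store" "$ca_ucs" 2>/dev/null || fail "CA copies differ"

    # The host certificate and key are written to two directories.
    for name in cert.pem private.key; do
        cmp -s "$ssl/docker-host-certificate/$name" "$ssl/$fqdn/$name" \
            2>/dev/null || fail "$name differs between the two host directories"
    done

    # Assumption: private keys should not be readable by group or others.
    for key in "$ssl/docker-host-certificate/private.key" \
               "$ssl/$fqdn/private.key"; do
        [ -f "$key" ] || continue
        if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \) -print)" ]; then
            fail "private key readable by group/others: $key"
        fi
    done
    return "$problems"
}
```

Run it after univention-app update-certificates; a non-zero return value is the number of findings printed.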