App Certificates

From Univention Wiki

Revision as of 11:51, 21 June 2018 by Botner (talk | contribs)

Apps may need access to the UCS certificate infrastructure or need to be aware of changes to the certificates. Starting with UCS 4.3 erratum 91, the Univention App Center provides a simple way to manage certificates inside an App.

The new App Center command is called update-certificates and should

When is update-certificates called?

update-certificates is called automatically during the installation and update of an App. It can also be called at any time on the command line:

# update all apps
-> univention-app update-certificates

# update app "abc"
-> univention-app update-certificates abc

What is being done in update-certificates?

All Apps

Every App can define an update_certificates script. This script is executed on the UCS system (the Docker host) upon the App Center update-certificates

Docker/Container Apps

Additionally, the following steps are executed for container Apps:

  • The UCS root CA certificate is copied to /usr/local/share/ca-certificates/ucs.crt inside the container
  • update-ca-certificates is executed inside the container (if existing)
  • The UCS root CA certificate is copied to /etc/univention/ssl/ucsCA/CAcert.pem inside the container
  • The docker host UCS certificate is copied to /etc/univention/ssl/docker-host-certificate/cert.pem|private.key and /etc/univention/ssl/$FQDN_DOCKER_HOST/cert.pem|private.key
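
The following check, run inside the container after update-certificates, confirms that the files listed above are present, that the copies agree, and that the Docker host certificate chains to the UCS root CA. It is an added example, not part of the App Center; the function names and the ROOT prefix argument are hypothetical, and check_chain assumes the openssl command is installed in the container.

```sh
#!/bin/sh
# Added example: verify the certificate layout listed above.
# ROOT is a hypothetical prefix argument ("" = the container's real root).

SSL=etc/univention/ssl

# check_layout ROOT [DOCKER_HOST_FQDN]: files present, copies identical.
check_layout() {
    root=$1 fqdn=$2 rc=0
    ca_a="$root/usr/local/share/ca-certificates/ucs.crt"
    ca_b="$root/$SSL/ucsCA/CAcert.pem"
    host="$root/$SSL/docker-host-certificate"
    for f in "$ca_a" "$ca_b" "$host/cert.pem" "$host/private.key"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; rc=1; }
    done
    # Both CA files are copies of the same UCS root CA certificate.
    cmp -s "$ca_a" "$ca_b" || { echo "CA copies differ" >&2; rc=1; }
    if [ -n "$fqdn" ]; then
        # The FQDN directory holds the same host certificate and key.
        for n in cert.pem private.key; do
            cmp -s "$host/$n" "$root/$SSL/$fqdn/$n" ||
                { echo "$fqdn/$n differs from docker-host-certificate/$n" >&2; rc=1; }
        done
    fi
    return $rc
}

# check_chain ROOT: host cert chains to the UCS root CA, key matches cert.
check_chain() {
    root=$1
    host="$root/$SSL/docker-host-certificate"
    openssl verify -CAfile "$root/$SSL/ucsCA/CAcert.pem" "$host/cert.pem" \
        >/dev/null 2>&1 ||
        { echo "host certificate does not verify against UCS root CA" >&2; return 1; }
    # Compare the public key in the certificate with the one derived from the key.
    cert_pub=$(openssl x509 -in "$host/cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$host/private.key" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private.key does not match cert.pem" >&2; return 1; }
}
```

Inside a container, call `check_layout "" "$FQDN_DOCKER_HOST"` followed by `check_chain ""`; a non-zero exit status from either means the certificates should be refreshed with univention-app update-certificates on the Docker host.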