From Univention Wiki
Apps may need access to the UCS certificate infrastructure or need to be aware of changes to the certificates. Starting with UCS 4.3 erratum 91, the Univention App Center provides a simple way to manage certificates inside an App.
The new App Center command is called update-certificates and should
When is update-certificates called?
update_certificates is called automatically during the installation and update of an App. It can also be called at any time on the command line:

    # update all apps
    -> univention-app update-certificates
    # update app "abc"
    -> univention-app update-certificates abc
What is being done in update-certificates?
Every App can define an update_certificates script. This script is executed on the UCS system (the Docker host) upon the App Center update-certificates
Additionally, the following steps are executed for container Apps:
- The UCS root CA certificate is copied to /usr/local/share/ca-certificates/ucs.crt inside the container
- update-ca-certificates is executed inside the container (if existing)
- The UCS root CA certificate is copied to /etc/univention/ssl/ucsCA/CAcert.pem inside the container
- The docker host UCS certificate is copied to /etc/univention/ssl/docker-host-certificate/cert.pem|private.key and /etc/univention/ssl/$FQDN_DOCKER_HOST/cert.pem|private.key
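
The following check is an added example, not code from Univention or the App Center: run inside a container App after update-certificates, it confirms that the files listed above are present, that the host certificate verifies against the copied UCS root CA, that the private key belongs to the certificate, and that the key is not world-readable. The function name `check_ucs_certs` and its ROOT argument are assumptions introduced here, and `openssl` is assumed to be installed in the container.

```sh
#!/bin/sh
# Added example. check_ucs_certs and its ROOT argument are assumptions made
# here, not part of the App Center. Inside the container, ROOT is "/".
# Usage: check_ucs_certs / "$FQDN_DOCKER_HOST"
# Prints one line per finding and returns the number of failed checks.
check_ucs_certs() {
    root=${1%/} fqdn=$2 fails=0
    ssl="$root/etc/univention/ssl"
    ca="$ssl/ucsCA/CAcert.pem"
    trust="$root/usr/local/share/ca-certificates/ucs.crt"

    # Both copies of the UCS root CA must exist and be identical.
    for f in "$ca" "$trust"; do
        [ -s "$f" ] || { echo "MISSING $f"; fails=$((fails + 1)); }
    done
    if [ -s "$ca" ] && [ -s "$trust" ] && ! cmp -s "$ca" "$trust"; then
        echo "MISMATCH $trust differs from $ca"; fails=$((fails + 1))
    fi

    # The host certificate is expected in both directories.
    for d in "$ssl/docker-host-certificate" "$ssl/$fqdn"; do
        cert="$d/cert.pem" key="$d/private.key"
        if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
            echo "MISSING $d/cert.pem|private.key"; fails=$((fails + 1))
            continue
        fi
        # It must chain to the UCS root CA that was copied into the container.
        if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
            echo "UNTRUSTED $cert does not verify against $ca"; fails=$((fails + 1))
        fi
        # The private key must belong to the certificate (same public key).
        pub_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
        pub_key=$(openssl pkey -in "$key" -pubout 2>/dev/null)
        if [ -z "$pub_cert" ] || [ "$pub_cert" != "$pub_key" ]; then
            echo "KEYMISMATCH $key does not match $cert"; fails=$((fails + 1))
        fi
        # The private key must not be readable by "other".
        if [ -n "$(find "$key" -perm -004 2>/dev/null)" ]; then
            echo "PERMS $key is world-readable"; fails=$((fails + 1))
        fi
    done
    return "$fails"
}
```

A non-zero return value after an App update points to a stale or incomplete certificate copy, which is the situation `univention-app update-certificates` is meant to repair.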