ClearFoundation Tracker - ClearOS
View Issue Details
IDProjectCategoryView StatusDate SubmittedLast Update
0014581ClearOSapp-certificate-manager - Certificate Managerpublic2017-05-01 17:202017-05-18 08:02
Reporteruser2 
Assigned Touser2 
PrioritynormalSeverityfeatureReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target Version7.3.1 UpdatesFixed in Version7.3.1 Updates 
Summary0014581: Create certificate manager state file
DescriptionThe Certificate Manager needs to keep track of deployed certificates. For example, consider the case where we have created third party certificates for www.example.com and:

1) imported the certs into the Certificate Manager
2) deployed the certs in the default web server

If we use symlinks to point Apache to the files stored in the Certificate Manager, then we need to make sure these files are not deleted. If not, Apache will refuse to start.

Alternatively, we can create copies of the cert files and place them inside an Apache subdirectory. This solves the delete problem, but creates a new issue: what happens when the certificates are renewed? The Certificate Manager would need to re-copy those renewed certificates to the Apache subdirectory.

In the end, both design methods require some kind of "state" file.

Steps To Reproduce
Additional Information
TagsNo tags attached.
Relationships
Attached Files
Issue History
Date ModifiedUsernameFieldChange
2017-05-01 17:20user2New Issue
2017-05-01 17:22user2Statusnew => confirmed
2017-05-09 12:50user2Note Added: 0005631
2017-05-10 09:32user2Statusconfirmed => resolved
2017-05-10 09:32user2Fixed in Version => 7.3.1 Updates
2017-05-10 09:32user2Resolutionopen => fixed
2017-05-10 09:32user2Assigned To => user2
2017-05-18 08:02user2Statusresolved => closed

Notes
(0005631)
user2   
2017-05-09 12:50   
This tracker issue discussion is interesting:

https://github.com/certbot/certbot/issues/1473 [^]

Let's go with the symlink option with the Debian-like ssl-cert group (if needed).