ClearFoundation Tracker - ClearOS
View Issue Details
0019021ClearOSapp-certificate-manager - Certificate Managerpublic2018-02-02 15:492019-02-23 13:41
7.6.0 Updates 
0019021: Create smart widget for external HTTPS links
ClearOS often links to external UIs, e.g.:

- phpMyAdmin
- ClearGLASS
- Openfire

The problem: the nasty certificate error shown in the web browser.

Openfire was the first app that provided a widget that provides some integration into Let's Encrypt. The external link to Openfire in the ClearOS UI now points to the secure link, e.g. [^] instead of [^] Benefit: better usability for the end user ... no more nasty certificate errors in the browser!

However, there are some of gotchas that need to be addressed:

- Chrome seems to cache the HTTPS connection. If the underlying certificate is changed, a new browser session is needed in order to see the new certificate. Is there a way around this? HTTP headers?

- There's no guarantee the hostname provided in the secure certificate is pointing to the ClearOS server. For Let's Encrypt, it's a relatively safe assumption since it would have been a requirement to create the SSL certificate. The assumption might not hold for 3rd party certificates.

- Wildcard certificates are not handled in the Openfire implementation.

- The current widget shows the self-signed certificate. Users will often not bother importing this certificate so they will continue to see the browser warning. Should we require Let's Encrypt for apps with external links? And then hide the self-signed option?
No tags attached.
Issue History
2018-02-02 15:49user2New Issue
2018-02-02 15:50user2Assigned To => user2
2018-02-02 15:50user2Statusnew => confirmed
2018-02-02 16:10user2Description Updatedbug_revision_view_page.php?rev_id=2011#r2011
2018-04-19 08:43user2Target Version7.5.0 => 7.5.0 Updates
2018-10-30 18:13user2Target Version7.5.0 Updates => 7.6.0 Updates
2018-12-14 12:10user2Statusconfirmed => assigned
2018-12-14 12:10user2Assigned Touser2 => tracker
2019-02-23 13:41dloperNote Added: 0009311
2019-02-23 13:41dloperStatusassigned => closed
2019-02-23 13:41dloperResolutionopen => suspended

2019-02-23 13:41   
Migrated to: [^]