ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0017051ClearOSapp-certificate-manager - Certificate Managerpublic2017-09-13 13:542017-09-24 12:49
Reporterpbaldwin 
Assigned Topbaldwin 
PrioritynormalSeveritytweakReproducibilityhave not tried
StatusacknowledgedResolutionopen 
PlatformOSOS Version
Product Version7.4.0 Beta 1 
Target VersionFixed in Version 
Summary0017051: Certificate manager should detected embedded intermediate chains
DescriptionIt's fairly common to see intermediate certificates concatenated into the certificate, e.g.:

-----BEGIN CERTIFICATE-----
... server certificate ...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
... intermediate certificate ...
-----END CERTIFICATE-----

The consumer of the SSL certificates (e.g. Apache) might need this information in order to configure certificates.


TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0006581)
NickH (reporter)
2017-09-24 01:54

Perhaps with the obsoleting of SSLCertificateChainFile in Apache 2.4.8 (https://httpd.apache.org/docs/2.4/mod/mod_ssl.html [^]) this bug may need to be changed such that when an intermediate certificate is imported, it should be concatenated with the certificate file and then drop the SSLCertificateChainFile parameter from flex-443.conf.

I don't know how the other certificate using programs (postfix, zarafa and so on) work with a single "fullchain" file. I know cyrus-imap works as this is how it generates its own self-signed certificate.
(0006591)
pbaldwin (administrator)
2017-09-24 12:49

The consuming-side of the API call (e.g. Postfix) should be able to request whatever it needs:

- Key file
- Certificate file
- Intermediate
- Certificate + Intermediate

The flip side: if someone imports a "Certificate", and it's really a "Certificate + Intermediate", the Certificate Manager should detect this use case and handle it appropriately. That will keep everything nice and clean.

- Issue History
Date Modified Username Field Change
2017-09-13 13:54 pbaldwin New Issue
2017-09-24 01:54 NickH Note Added: 0006581
2017-09-24 12:41 pbaldwin Assigned To => pbaldwin
2017-09-24 12:41 pbaldwin Status new => acknowledged
2017-09-24 12:49 pbaldwin Note Added: 0006591