ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0019021ClearOSapp-certificate-manager - Certificate Managerpublic2018-02-02 15:492018-10-30 18:13
Reporterpbaldwin 
Assigned Topbaldwin 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version7.4.0 
Target Version7.6.0 UpdatesFixed in Version 
Summary0019021: Create smart widget for external HTTPS links
DescriptionClearOS often links to external UIs, e.g.:

- phpMyAdmin
- ClearGLASS
- CUPS
- Openfire

The problem: the nasty certificate error shown in the web browser.

Openfire was the first app that provided a widget that provides some integration into Let's Encrypt. The external link to Openfire in the ClearOS UI now points to the secure link, e.g. https://openfire.example.com:9091 [^] instead of https://192.168.1.100:9091. [^] Benefit: better usability for the end user ... no more nasty certificate errors in the browser!

However, there are some of gotchas that need to be addressed:

- Chrome seems to cache the HTTPS connection. If the underlying certificate is changed, a new browser session is needed in order to see the new certificate. Is there a way around this? HTTP headers?

- There's no guarantee the hostname provided in the secure certificate is pointing to the ClearOS server. For Let's Encrypt, it's a relatively safe assumption since it would have been a requirement to create the SSL certificate. The assumption might not hold for 3rd party certificates.

- Wildcard certificates are not handled in the Openfire implementation.

- The current widget shows the self-signed certificate. Users will often not bother importing this certificate so they will continue to see the browser warning. Should we require Let's Encrypt for apps with external links? And then hide the self-signed option?
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
There are no notes attached to this issue.

- Issue History
Date Modified Username Field Change
2018-02-02 15:49 pbaldwin New Issue
2018-02-02 15:50 pbaldwin Assigned To => pbaldwin
2018-02-02 15:50 pbaldwin Status new => confirmed
2018-02-02 16:10 pbaldwin Description Updated View Revisions
2018-04-19 08:43 pbaldwin Target Version 7.5.0 => 7.5.0 Updates
2018-10-30 18:13 pbaldwin Target Version 7.5.0 Updates => 7.6.0 Updates