ClearOS Bug Tracker


View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0019021ClearOSapp-certificate-manager - Certificate Managerpublic2018-02-02 15:492019-02-23 13:41
Reporteruser2 
Assigned Totracker 
PrioritynormalSeverityfeatureReproducibilityN/A
StatusclosedResolutionsuspended 
PlatformOSOS Version
Product Version7.4.0 
Target Version7.6.0 UpdatesFixed in Version 
Summary0019021: Create smart widget for external HTTPS links
DescriptionClearOS often links to external UIs, e.g.:

- phpMyAdmin
- ClearGLASS
- CUPS
- Openfire

The problem: the nasty certificate error shown in the web browser.

Openfire was the first app that provided a widget that provides some integration into Let's Encrypt. The external link to Openfire in the ClearOS UI now points to the secure link, e.g. https://openfire.example.com:9091 [^] instead of https://192.168.1.100:9091. [^] Benefit: better usability for the end user ... no more nasty certificate errors in the browser!

However, there are some of gotchas that need to be addressed:

- Chrome seems to cache the HTTPS connection. If the underlying certificate is changed, a new browser session is needed in order to see the new certificate. Is there a way around this? HTTP headers?

- There's no guarantee the hostname provided in the secure certificate is pointing to the ClearOS server. For Let's Encrypt, it's a relatively safe assumption since it would have been a requirement to create the SSL certificate. The assumption might not hold for 3rd party certificates.

- Wildcard certificates are not handled in the Openfire implementation.

- The current widget shows the self-signed certificate. Users will often not bother importing this certificate so they will continue to see the browser warning. Should we require Let's Encrypt for apps with external links? And then hide the self-signed option?
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0009311)
dloper (administrator)
2019-02-23 13:41

Migrated to: https://gitlab.com/clearos/clearfoundation/app-certificate-manager/issues/5 [^]

- Issue History
Date Modified Username Field Change
2018-02-02 15:49 user2 New Issue
2018-02-02 15:50 user2 Assigned To => user2
2018-02-02 15:50 user2 Status new => confirmed
2018-02-02 16:10 user2 Description Updated View Revisions
2018-04-19 08:43 user2 Target Version 7.5.0 => 7.5.0 Updates
2018-10-30 18:13 user2 Target Version 7.5.0 Updates => 7.6.0 Updates
2018-12-14 12:10 user2 Status confirmed => assigned
2018-12-14 12:10 user2 Assigned To user2 => tracker
2019-02-23 13:41 dloper Note Added: 0009311
2019-02-23 13:41 dloper Status assigned => closed
2019-02-23 13:41 dloper Resolution open => suspended