Anonymous | Login | 2024-12-21 23:57 MST |
Main | My View | View Issues | Change Log | Roadmap | Repositories |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0019021 | ClearOS | app-certificate-manager - Certificate Manager | public | 2018-02-02 15:49 | 2019-02-23 13:41 | ||||
Reporter | user2 | ||||||||
Assigned To | tracker | ||||||||
Priority | normal | Severity | feature | Reproducibility | N/A | ||||
Status | closed | Resolution | suspended | ||||||
Platform | OS | OS Version | |||||||
Product Version | 7.4.0 | ||||||||
Target Version | 7.6.0 Updates | Fixed in Version | |||||||
Summary | 0019021: Create smart widget for external HTTPS links | ||||||||
Description | ClearOS often links to external UIs, e.g.: - phpMyAdmin - ClearGLASS - CUPS - Openfire The problem: the nasty certificate error shown in the web browser. Openfire was the first app that provided a widget that provides some integration into Let's Encrypt. The external link to Openfire in the ClearOS UI now points to the secure link, e.g. https://openfire.example.com:9091 [^] instead of https://192.168.1.100:9091. [^] Benefit: better usability for the end user ... no more nasty certificate errors in the browser! However, there are some of gotchas that need to be addressed: - Chrome seems to cache the HTTPS connection. If the underlying certificate is changed, a new browser session is needed in order to see the new certificate. Is there a way around this? HTTP headers? - There's no guarantee the hostname provided in the secure certificate is pointing to the ClearOS server. For Let's Encrypt, it's a relatively safe assumption since it would have been a requirement to create the SSL certificate. The assumption might not hold for 3rd party certificates. - Wildcard certificates are not handled in the Openfire implementation. - The current widget shows the self-signed certificate. Users will often not bother importing this certificate so they will continue to see the browser warning. Should we require Let's Encrypt for apps with external links? And then hide the self-signed option? | ||||||||
Tags | No tags attached. | ||||||||
Attached Files | |||||||||
Notes | |
(0009311) dloper (administrator) 2019-02-23 13:41 |
Migrated to: https://gitlab.com/clearos/clearfoundation/app-certificate-manager/issues/5 [^] |
Issue History | |||
Date Modified | Username | Field | Change |
2018-02-02 15:49 | user2 | New Issue | |
2018-02-02 15:50 | user2 | Assigned To | => user2 |
2018-02-02 15:50 | user2 | Status | new => confirmed |
2018-02-02 16:10 | user2 | Description Updated | View Revisions |
2018-04-19 08:43 | user2 | Target Version | 7.5.0 => 7.5.0 Updates |
2018-10-30 18:13 | user2 | Target Version | 7.5.0 Updates => 7.6.0 Updates |
2018-12-14 12:10 | user2 | Status | confirmed => assigned |
2018-12-14 12:10 | user2 | Assigned To | user2 => tracker |
2019-02-23 13:41 | dloper | Note Added: 0009311 | |
2019-02-23 13:41 | dloper | Status | assigned => closed |
2019-02-23 13:41 | dloper | Resolution | open => suspended |