Idea ID: 2784641

Automatic certificate handling with single repository for server certificates and configurable expiration.

Status: Waiting for Votes

SSL certificates reside in multiple locations on the OES Linux servers. If the certificates must be replaced due to expiration or other issues, this means that copies must be placed into multiple directories, daemons restarted, etc. There is an excellent Cool Solutions script, "Certificate Re-creation Script for OES1, OES2 and OES 11", that helps automate much of this process. I believe that this is something that should be a native part of OES.

I believe that the following would help every System Administrator from the novice to the experienced more easily utilize Novell OES in their environments.

1.) Modify OES services to utilize a single storage location for all certificates.
2.) Create a process by which when certificates expire they are automatically replaced with new ones from the TREE's CA working.
3.) Allow Administrators to set the length of time that the certificates expire higher than 2 years.
4.) On the CA, make the default CRL distribution points work correctly by default. The LDAP ones rely on port 389 being open, which I am certain many do not. So test and don't create unless LDAP(389) is open. The HTTP(80) ones point to a location that doesn't exist by default, requiring the System Administrator to create a script to copy the CRL file to a web accessible location.

I don't see anyone listing this as a request, but there are some comments on the Cool Solutions article asking for some of these items. While many of us are becoming adept at the management of certificates on OES, there seems to be little reason to not automate this process so that we don't need to handle it manually.

This would leave us to take care of other more weighty issues unless there is a need to troubleshoot certificates, much like how NetWare had handled certificates for many years.

I don't see a good category as it affects multiple systems but I'll select one.
