Project

General

Profile

Tâche #28478

Scénario #28335: En 2.7, les liens /usr/local/share/ca-certificates/ vers /usr/share/ca-certificates ne sont plus utiles

Ne plus fournir de chaîne de certificats toute faite

Added by Daniel Dehennin almost 2 years ago. Updated almost 2 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
06/03/2019
Due date:
% Done:

100%

Spent time:
Remaining (hours):
0.0

Description

Le certificats ACInfraEducation.crt est une chaîne de certificats qui fourni 4 certificats :

  • Subject: CN=AC Infrastructures,OU=110 043 015,O=Ministere education nationale (MENESR),C=FR
  • Subject: CN=AC Enseignement Scolaire,OU=110 043 015,O=Ministere Education Nationale (MENESR),C=FR,EMAIL=igc@orion.education.fr
  • Subject: CN=AC Education Nationale,OU=110 043 015,O=Ministere Education Nationale (MENESR),C=FR,EMAIL=igc@orion.education.fr
  • Subject: EMAIL=igca@sgdn.pm.gouv.fr,CN=IGC/A,OU=DCSSI,O=PM/SGDN,L=Paris,ST=France,C=FR

Actuellement, seul le dernier n’est pas fourni par un fichier .crt individuel.

Nous devrions le fournir et ne plus fournir la chaîne toute faite.


Related issues

Related to Documentations - Tâche #28945: [Documentation] Ajout régénération certificat SSL Fermé 09/09/2019

Associated revisions

Revision ec4a7a66 (diff)
Added by Daniel Dehennin almost 2 years ago

Certificates: remove outdated certificates

Ref: #28478

Revision 1239e51c (diff)
Added by Daniel Dehennin almost 2 years ago

Update the list of certificates to enable

Ref: #28478

Revision fdaa1d30 (diff)
Added by Daniel Dehennin almost 2 years ago

Certificates: cleanup dangling symlinks

Ref: #28478

Revision d24303fc (diff)
Added by Daniel Dehennin almost 2 years ago

Certificates: fix cleanup of dangling symlinks

Ref: #28478

Revision 862626fc (diff)
Added by Daniel Dehennin almost 2 years ago

Certificates: fix IGCA certificate name

Ref: #28478

History

#1 Updated by Daniel Dehennin almost 2 years ago

Ceux là sont même périmés

  • Subject: CN=AC Education Nationale,OU=110 043 015,O=Ministere Education Nationale (MENESR),C=FR,EMAIL=igc@orion.education.fr
    • Not After: Tue Dec 22 14:00:00 UTC 2015
  • Subject: CN=AC Enseignement Scolaire,OU=110 043 015,O=Ministere Education Nationale (MENESR),C=FR,EMAIL=igc@orion.education.fr
    • Not After: Tue Dec 22 11:00:00 UTC 2015
  • Subject: CN=AC Infrastructures,OU=110 043 015,O=Ministere education nationale (MENESR),C=FR
    • Not After: Tue Dec 22 10:00:00 UTC 2015

#2 Updated by Daniel Dehennin almost 2 years ago

  • Status changed from Nouveau to En cours

#3 Updated by Daniel Dehennin almost 2 years ago

  • Assigned To set to Daniel Dehennin

#4 Updated by Fabrice Barconnière almost 2 years ago

Erreur au reconfigure d'un aca.scribe 2.7.1

----------------------------------------------------------------------------------------------
                                  Génération des certificats                                  
----------------------------------------------------------------------------------------------
Doing /usr/lib/ssl/certs
WARNING: Skipping duplicate certificate ca-certificates.crt
WARNING: Skipping duplicate certificate ca-certificates.crt
WARNING: Skipping duplicate certificate ca_local.crt
WARNING: Skipping duplicate certificate ca_local.crt
WARNING: Skipping duplicate certificate eole.pem
WARNING: Skipping duplicate certificate eole.pem
Erreur : le fichier /etc/ssl/certs/ACInfraEducation.pem n'existe pas.
[Errno 2] No such file or directory: '/etc/ssl/certs/ACInfraEducation.pem'
Erreur lors de la génération des certificats : [Errno 2] No such file or directory: '/etc/ssl/certs/ACInfraEducation.pem'

#5 Updated by Scrum Master almost 2 years ago

  • Status changed from En cours to Résolu

#6 Updated by Fabrice Barconnière almost 2 years ago

  • Status changed from Résolu to Fermé
  • % Done changed from 0 to 100
  • Remaining (hours) set to 0.0

OK :

root@amon:~# ll /usr/local/share/ca-certificates/menesr/
total 8
drwxr-xr-x 2 root root 4096 juin   6 09:53 ./
drwxr-xr-x 4 root root 4096 mai   13 09:50 ../
lrwxrwxrwx 1 root root   42 juin   6 09:53 igca.crt -> /usr/share/ca-certificates/menesr/igca.crt

root@amon:~# ll /etc/ssl/certs/igca.pem 
lrwxrwxrwx 1 root root 48 juin   6 09:53 /etc/ssl/certs/igca.pem -> /usr/local/share/ca-certificates/menesr/igca.crt

#7 Updated by Joël Cuissinat over 1 year ago

  • Related to Tâche #28945: [Documentation] Ajout régénération certificat SSL added

Also available in: Atom PDF