Once we get #366418: 0.4: multiple web server support rolling (and in parallel), we will need to create a new content type named "certificate" to manage SSL certificates. That content type will have the following "fields":

* hash, as discovered by the backend
* certificate path (optional?)
* server the certificate is on (n to n? let's start with 1 to n)
* site the certificate is associated with (1 to 1 to start with)
* client that owns the certificate (for access control, 1 to n)

This information will be part of the server verification (now platform verfication) done by the backend.

We will need to modify the site forms to allow choosing which certificate should be applied to which site. Certificates should also be owned by a client so access is not free for all.

This is part of #394452: Full SSL support.

Comments

anarcat’s picture

anarcat CreditAttribution: anarcat commented

I didn't mean #366418: 0.4: multiple web server support but #537016: simple certificate management

adrian’s picture

adrian CreditAttribution: adrian commented

i dont think these need to be nodes.

in some ways i wish we were on drupal 7 already so we could build seperate entities for things and stop trying to make everything a node.

adrian’s picture

adrian CreditAttribution: adrian commented

What i've decided on is explained here :

http://drupal.org/node/537016#comment-3152198

in short : we only have a textual identifier used to build the path to the key.
These keys will still be owned by the client who created them (for now).

adrian’s picture

adrian CreditAttribution: adrian commented
Status: Active » Fixed

this is done in the dev-ssl branch.

Status: Fixed » Closed (fixed)
Issue tags: -aegir-ssl

Automatically closed -- issue fixed for 2 weeks with no activity.

Issue tags: +aegir-ssl

Restoring issue tags, see #2125755: System messages removed all issue tags during D7 upgrade.