At moment to remove SSL certificate you need to manually remove folder containing certificate from /var/aegir/config/ssl.d/ and /var/aegir/config/server_master/ssl.d/ if exists. In addition to this steps you need to delete the entry for the certificate you are deleting in the hosting_ssl_cert MySQL table.

So it would be grate if there was an interface to do this steps. It would be more grate if there was an interface to do add certificates.

Comments

anarcat’s picture

helmo’s picture

Title: Add interface to manage SSL sertificates » Add interface to manage SSL certificates

title typo

Steven Jones’s picture

Project: Provision » Hostmaster (Aegir)
Version: 6.x-1.9 » 6.x-1.x-dev

Updating to the frontend.

anarcat’s picture

Version: 6.x-1.x-dev » 6.x-2.x-dev
Assigned: Unassigned » anarcat

I will look at this for #1126640: move the SSL IP allocation to the frontend to allow users to quickly get a grasp of how things are going after the upgrade.

anarcat’s picture

Status: Active » Needs work

I have made a read-only browser for the server nodes in the IP cleanup branch. Hang in there, some of this will be part of 2.x...

I am not sure we'll make this delete certifcates in the backend just yet, as SSL certificates are not their own entity yet, which means they have no task associated with them. Maybe this part will have to wait for the D7 port and therefore 3.x.

Code is in commit b52f623 on the dev-ssl-ip-allocation-refactor branch.

anarcat’s picture

The new code now cleans up ~/config/server_master/ssl.d files, but not ~/config/ssl.d - which I am not sure we want to destroy because they may contain valuable data from the admin.

blueprint’s picture

Ok, as far as I can see, having begun testing with 2 rc4, we're at:

1. a new method for naming the folder origin of the certificates (which is helpful)
2. a means for choosing (as in the old case, but not based on hostname)
3. the old 'list of ips' although not as a text field but as independant entries

What's still missing is the wildcards, correct?

I'm looking at the code, but it's changed substantially and I need to port a number of other changes while I'm at it (for clients) ... but I'll try to take a crack at refactoring the ips in the front end ...

Thanks for the great work,

Mark

ergonlogic’s picture

Version: 6.x-2.x-dev » 7.x-3.x-dev
Issue summary: View changes

New features need to be implemented in Aegir 3.x, then we can consider back-porting to Aegir 2.x.