Project

General

Profile

Actions

Bug #8658

closed

svc-cacert should create ca-bundle if it doesn't exist

Added by Till Wegmüller almost 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Category:
-
Target version:
-
Start date:
2017-09-17
Due date:
% Done:

0%

Estimated time:
Difficulty:
Bite-size
Tags:
needs-triage

Description

Sometimes during Zone Installation /etc/certs/ca-certificates.crt is not created because mtime/ctime on /etc/certs/CA/ is not newer than /etc/openssl/certs

To reproduce
Create a zone with zonecfg and install with zoneadm.

After installation /etc/certs/ca-certificates.crt does not exist.

Workaround:
touch /etc/certs/CA/touch.time
svcadm restart ca-certificates

So far I have two zones where this happened. But i don't know if it happens with every zone.

Actions #1

Updated by Alexander Pyhalov almost 5 years ago

  • Subject changed from Sometimes during Zone Installation /etc/certs/ca-certificates.crt is not created because mtime/ctime on /etc/certs/CA/ is not newer than /etc/openssl/certs to svc-cacert should create ca-bundle if it doesn't exist
Actions #2

Updated by Alexander Pyhalov almost 5 years ago

  • Status changed from New to Resolved
  • Assignee set to Alexander Pyhalov
  • Difficulty changed from Medium to Bite-size
Actions

Also available in: Atom PDF