Bug #19078
closed
It's extremely difficult for an user to know there's a problem with root certificates
Description
We had a case very hard to diagnose on gitter: https://gitter.im/normation/rudder?at=60589649bc554b42d6180756 (and related comments).
The problem was that there was an inconsistency between the root server private key and certificate because of a partial backup restauration (the user wasn't aware of that either).
This is typically the example of thing that should be checked in the healthcheck:
- it's a rare occurence, so neither users nor rudder dev think to it first hand,
- the debugin is not easy, it needs to analyse logs, see that there is some openssl errors that matters, etc
- documentation won't help: of course private and public key must match. And of course a backup should not be partial.
But it's something easy to check automatically, since it's an invariant, one of these truth that must hold at all time.
(and the check by itself should be easy enought, we just need to check that the private/public keys/certificates matches (https://stackoverflow.com/questions/49426844/how-to-validate-a-public-and-private-key-pair-in-java))
Updated by Vincent MEMBRÉ about 3 years ago
- Target version changed from 6.2.5 to 6.2.6
Updated by Vincent MEMBRÉ almost 3 years ago
- Target version changed from 6.2.6 to 6.2.7
Updated by Vincent MEMBRÉ almost 3 years ago
- Target version changed from 6.2.7 to 6.2.8
Updated by Vincent MEMBRÉ almost 3 years ago
- Target version changed from 6.2.8 to 6.2.9
- Priority changed from 80 to 77
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.2.9 to 6.2.10
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.2.10 to 6.2.11
- Priority changed from 77 to 75
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.2.11 to 6.2.12
- Priority changed from 75 to 72
Updated by Vincent MEMBRÉ over 2 years ago
- Target version changed from 6.2.12 to 6.2.13
- Priority changed from 72 to 71
Updated by Vincent MEMBRÉ about 2 years ago
- Target version changed from 6.2.13 to 6.2.14
- Priority changed from 71 to 67
Updated by Vincent MEMBRÉ almost 2 years ago
- Target version changed from 6.2.14 to 6.2.15
Updated by Vincent MEMBRÉ almost 2 years ago
- Target version changed from 6.2.15 to 6.2.16
Updated by Alexis Mousset over 1 year ago
- Target version changed from 6.2.16 to 6.2.17
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 6.2.17 to 997
- Priority changed from 67 to 0
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 997 to 6.2.18
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 6.2.18 to 6.2.19
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 6.2.19 to 6.2.20
Updated by Vincent MEMBRÉ over 1 year ago
- Target version changed from 6.2.20 to old 6.2 issues to relocate
Updated by Alexis Mousset 8 months ago
- Subject changed from It's extremelly difficult for an user to know there's a problem with root certificates to It's extremely difficult for an user to know there's a problem with root certificates
- Regression set to No