Bug #19078

It's extremely difficult for a user to know there's a problem with root certificates

Added by François ARMAND 16 days ago. Updated 16 days ago.

Status: New
Priority: N/A
Category: System integration
Target version:
Pull Request:
Severity: Major - prevents use of part of Rudder | no simple workaround
User visibility: Operational - other Techniques | Rudder settings | Plugins
Effort required: Very Small
Priority: 80

Description

We had a case very hard to diagnose on gitter: https://gitter.im/normation/rudder?at=60589649bc554b42d6180756 (and related comments).

The problem was that there was an inconsistency between the root server private key and certificate because of a partial backup restoration (the user wasn't aware of that either).

This is a typical example of the kind of thing that should be checked in the healthcheck:

- it's a rare occurrence, so neither users nor Rudder devs think of it first,
- the debugging is not easy: it requires analysing logs, seeing that there are some openssl errors that matter, etc.
- documentation won't help: of course private and public key must match. And of course a backup should not be partial.

But it's something easy to check automatically, since it's an invariant, one of those truths that must hold at all times.
(And the check by itself should be easy enough: we just need to check that the private/public keys/certificates match (https://stackoverflow.com/questions/49426844/how-to-validate-a-public-and-private-key-pair-in-java).)
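
One way to automate the invariant described above with the `openssl` CLI, as an added example that is not Rudder's own healthcheck code. The function names, file names and the throwaway key pairs are constructed for the demonstration; a real check would be pointed at the root server's actual key and certificate.

```shell
#!/bin/sh
# Added example: verify that a private key and a certificate carry the same public key.
# Exit codes of key_matches_cert: 0 = match, 1 = mismatch, 2 = a file could not be read.

key_matches_cert() {
    # Public key derived from the private key (PEM SubjectPublicKeyInfo).
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    # Public key embedded in the certificate, re-encoded the same way for comparison.
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    from_cert=$(printf '%s\n' "$from_cert" | openssl pkey -pubin -pubout 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Healthcheck-style wrapper: prints a status line and returns the same code.
check_root_identity() {
    rc=0
    key_matches_cert "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: private key matches certificate" ;;
        1) echo "CRITICAL: private key and certificate do not match (partial restore?)" ;;
        *) echo "UNKNOWN: cannot read $1 or $2" ;;
    esac
    return $rc
}

# Constructed sample input: a throwaway key plus self-signed certificate.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_pair "$demo_dir" old
make_pair "$demo_dir" new

# Consistent state: key and certificate come from the same generation.
check_root_identity "$demo_dir/new.key" "$demo_dir/new.crt" || true
# Simulated partial restore: old key restored next to the new certificate.
check_root_identity "$demo_dir/old.key" "$demo_dir/new.crt" || true
# Missing file: reported as unknown rather than as a match or mismatch.
check_root_identity "$demo_dir/missing.key" "$demo_dir/new.crt" || true
```

Comparing the public keys rather than only the RSA modulus means the same function also covers non-RSA key types.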
