Bug #2856

certificate-update event should restart httpd

Added by Filippo Carletti about 5 years ago. Updated about 5 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-httpd
Target version:v6.5
Security class: Resolution:
Affected version:v6.5-final NEEDINFO:No

Description

apache requires a restart when certificates are changed, a graceful is not enough.
Steps to reproduce:
follow instructions to change certficate (http://docs.nethserver.org/projects/nethserver-devel/en/latest/certificate_management.html#install-a-custom-certificate)
connect to nethserver using https, the old cert is offered
connect to port 980, new cert is server

Here's why:
/etc/e-smith/events/certificate-update/services2adjust/httpd-admin -> reload
/etc/e-smith/events/certificate-update/services2adjust/httpd -> graceful

Doing a service httpd reload and accessing the server, shows the new certificate.

Associated revisions

Revision 6fcd4611
Added by Giacomo Sanchietti about 5 years ago

createlinks: reload httpd on certificateupdate event. Refs #2856

History

#1 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti about 5 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-httpd-2.3.1-2.0git6fcd4611.ns6.noarch.rpm
Test case
  • Install the new package
  • Request a https page (https://<server>)
  • Change the certificate
    db configuration setprop pki CommonName custom.cn
    signal-event certificate-update
    
  • Request the same https page, the certificate must have the new common name

#5 Updated by Davide Principi about 5 years ago

  • Assignee set to Davide Principi

#6 Updated by Davide Principi about 5 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 70 to 90

VERIFIED

#7 Updated by Davide Principi about 5 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates:
nethserver-httpd-2.3.2-1.ns6.noarch.rpm

Also available in: Atom PDF