Problem:
After renewing my CA Certificate I cannot use the userimport
You get the following Traceback
Interner Server-Fehler in "schoolimport/ping".
Request: schoolimport/ping
Traceback (most recent call last):
File
"/usr/lib/python2.7/dist-packages/univention/management/console/base.py", line
359, in __error_handling
six.reraise(etype, exc, etraceback)
File
"/usr/lib/python2.7/dist-packages/univention/management/console/protocol/modserver.py",
line 202, in _recv
self.handle(msg)
File
"/usr/lib/python2.7/dist-packages/univention/management/console/protocol/modserver.py",
line 272, in handle
six.reraise(self.__init_etype, self.__init_exc, self.__init_etraceback)
File
"/usr/lib/python2.7/dist-packages/univention/management/console/protocol/modserver.py",
line 313, in handle
self.__handler.init()
File
"/usr/lib/python2.7/dist-packages/univention/management/console/modules/schoolimport/__init__.py",
line 80, in init
ssl_verify=ssl_verify,
File "/usr/lib/python2.7/dist-packages/ucsschool/http_api/client.py",
line 413, in __init__
setattr(self, cls_name, kls(self))
File "/usr/lib/python2.7/dist-packages/ucsschool/http_api/client.py",
line 533, in __init__
self.resource_url = self.client.resource_urls[self.resource_name]
File "/usr/lib/python2.7/dist-packages/ucsschool/http_api/client.py",
line 429, in resource_urls
self._resource_urls = self.call_api("get", ".")
File "/usr/lib/python2.7/dist-packages/ucsschool/http_api/client.py",
line 498, in call_api
raise ConnectionError(str(exc))
ConnectionError: ("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify failed')],)",)
Investigation:
Make sure the server , was restarted after the certificate renewal
Check the certicate Name:
openssl s_client -connect $(hostname -f):443
If the name differs from hostname -f you can set
ucr set ucsschool/import/http_api/client/server='<Name in Certificate>'
Solution:
update-ca-certificates -f
systemctl restart ucs-school-import-http-api.service