Problem: Certificate Sync between Master and Backup is not working

ucs-4
ssl
certificates
sync

#1

Problem:

Changes to the SSL Certificate are not synced to the backup system(s). This is a default mechanism that normally syncs all changes to the certificates to alle existing backup systems.

Solution:

The most common fault is the missing of the executable flag on one of the folders within the path to the certificate. Take care of the x-flag for the owner and group is set to all folders.

Like for example:

root@master:~# ls -dl /etc/
drwxr-xr-x 154 root root 12K Dez  6 18:07 /etc/
root@master:~# ls -dl /etc/univention/
drwxr-xr-x 13 root root 4,0K Dez  6 18:12 /etc/univention/
root@master:~# ls -dl /etc/univention/ssl/
drwxr-xr-x 29 root DC Backup Hosts 4,0K Okt 11 15:21 /etc/univention/ssl/
root@master:~# ls -dl /etc/univention/ssl/ucsCA/
drwxrwxr-x 6 root DC Backup Hosts 4,0K Dez  3 12:35 /etc/univention/ssl/ucsCA/

root@master:~# ls -dla /etc/univention/ssl/master.domain.tld/
drwxr-x--- 2 master$ DC Backup Hosts 4,0K Jun  2  2017 /etc/univention/ssl/master.domain.tld/

root@master:~# ls -dla /etc/univention/ssl/backup*.domain.tld/
drwxr-x--- 2 backup-1$ DC Backup Hosts 4,0K Jun  2  2017 /etc/univention/ssl/backup-1.domain.tld
drwxr-x--- 2 backup-2$ DC Backup Hosts 4,0K Jun  2  2017 /etc/univention/ssl/backup-2.domain.tld

#2