Problem: Certificate Sync between Master and Backup is not working


Changes to the SSL Certificate are not synced to the backup system(s). This is a default mechanism that normally syncs all changes to the certificates to alle existing backup systems.


The most common fault is the missing of the executable flag on one of the folders within the path to the certificate. Take care of the x-flag for the owner and group is set to all folders.

Like for example:

root@master:~# ls -dl /etc/
drwxr-xr-x 154 root root 12K Dez  6 18:07 /etc/
root@master:~# ls -dl /etc/univention/
drwxr-xr-x 13 root root 4,0K Dez  6 18:12 /etc/univention/
root@master:~# ls -dl /etc/univention/ssl/
drwxr-xr-x 29 root DC Backup Hosts 4,0K Okt 11 15:21 /etc/univention/ssl/
root@master:~# ls -dl /etc/univention/ssl/ucsCA/
drwxrwxr-x 6 root DC Backup Hosts 4,0K Dez  3 12:35 /etc/univention/ssl/ucsCA/

root@master:~# ls -dla /etc/univention/ssl/master.domain.tld/
drwxr-x--- 2 master$ DC Backup Hosts 4,0K Jun  2  2017 /etc/univention/ssl/master.domain.tld/

root@master:~# ls -dla /etc/univention/ssl/backup*.domain.tld/
drwxr-x--- 2 backup-1$ DC Backup Hosts 4,0K Jun  2  2017 /etc/univention/ssl/backup-1.domain.tld
drwxr-x--- 2 backup-2$ DC Backup Hosts 4,0K Jun  2  2017 /etc/univention/ssl/backup-2.domain.tld