Univention Dashboard Cert.Error

Hello,
after installing the Dashboard-Client on some additional Servers i don’t get any changes on the Dashboard.

The metrics-prometheus/targets shows x509: certificate signed by unknown authority an all additionally added Servers.

Any hints why prometheus thinks it is a unknown authority?

Greets
Matthias

Hi,

do you use the default UCS Root CA?

There is currently a problem when using the dashboard App together with the Let’s Encrypt App. In this scenario the Apache is configured to use the Let’s Encrypt certificate, which is valid for the external DNS name, not the UCS hostname. But the dashboard App want’s a HTTPS connection with the UCS hostname :-(. We are working on a solution for that.

“certificate signed by unknown authority” sounds like the Root CA certificate is unknown to the system. By default the UCS Root CA is copied into /usr/local/share/ca-certificates/ (and “update-ca-certificates -f” is called) on every server to make the cert available in the globale cert store. So maybe you need to do something like this.

Best regards,
Felix

Hi,

as far as i know i did not configure anything except that i pressed install in the UMC.
I do not use Let`s Encrypt. This is an internal Domain and it´s Certificates are completely under control of the UCS.

image

root@dc1:~# univention-app info
UCS: 4.3-2 errata287
Installed: admin-dashboard=1.0-beta dhcp-server=12.0 mobydick=1.0.0 nagios=4.3 pkgdb=11.0 prometheus=1.0-beta prometheus-node-exporter=1.0-beta2 samba4=4.7 self-service=3.0
Upgradable:
root@dc1:~#
root@dc2:~# univention-app info
UCS: 4.3-2 errata287
Installed: cups=2.2.1 prometheus-node-exporter=1.0-beta2 samba4=4.7
Upgradable:
root@dc2:~#

Best regards,
Matthias

Hello,
i just took an other look.

All my hosts exept the dc1 enforce https which leads to the above error. Prometheus does not use the correct root certificate.

Regards,
Matthias

Mastodon