SOLVED Export/import ssl directory
-
I think the ability to export/import the ssl directory through the web gui would be beneficial. This would help people who use fog 1.3+ and also use the fog client. It’d help them when they want to build a new server. Right now, I have written instructions for this here and here but it’s all manual work.
I think that ‘Configuration Save’ is appropriately named if it really does save all configuration including the ssl directory. Right now, ‘Configuration Save’ only imports/exports the database. If that stays the same, a more appropriate name would be ‘Database Save’, and perhaps we add another item called ‘SSL Save’ ? Lots of ways to do this. I’d like to see ‘Configuration Save’ remain the same so that all the threads/posts about it are still accurate, and just have the SSL exporting/importing added to it.
-
@Wayne-Workman unfortunately we will not add this. The ssl directory where your private keys are stored, and should never be accessible via the web GUI. That presents a massive security risk as a single bug in the web GUI could provide anyone with access to your private certs; arguably the most sensitive data on the server.
As the saying goes, security and convience are usually at opposite ends of the spectrum; and this is one thing we will not compromise on.
Exporting your keys as root using ssh is the preferred, and only way, we will support.
-
@Wayne-Workman unfortunately we will not add this. The ssl directory where your private keys are stored, and should never be accessible via the web GUI. That presents a massive security risk as a single bug in the web GUI could provide anyone with access to your private certs; arguably the most sensitive data on the server.
As the saying goes, security and convience are usually at opposite ends of the spectrum; and this is one thing we will not compromise on.
Exporting your keys as root using ssh is the preferred, and only way, we will support.
