From: Ed Tanous <ed@tanous.net>
To: Gunnar Mills <gmills@linux.vnet.ibm.com>
Cc: devenrao@in.ibm.com,
"Mohammed.Habeeb ISV" <mohammed.habeeb@inventec.com>,
"openbmc@lists.ozlabs.org" <openbmc@lists.ozlabs.org>,
ojayanth@in.ibm.com
Subject: Re: No option to delete SSL certificates
Date: Fri, 5 Mar 2021 09:52:53 -0800 [thread overview]
Message-ID: <CACWQX83ouxxsU+zqeix56feoHerQXJ9uKD+gmgfG8PDSoU6y1Q@mail.gmail.com> (raw)
In-Reply-To: <6fafb378-5de7-74e3-4fef-17cb93d61c41@linux.vnet.ibm.com>
On Fri, Mar 5, 2021 at 9:43 AM Gunnar Mills <gmills@linux.vnet.ibm.com> wrote:
>
> On 3/4/2021 8:52 PM, Mohammed.Habeeb ISV wrote:
> > In webui-vue , SSL certificates has only replace option. Delete button
> > is greyed out.
> >
> > Is there any reason for not providing delete option?
I can't explain why the TrustStore certificate isn't deletable, that
seems like a bug in webui-vue.
The HTTPS certificate isn't deletable because that would effectively
disable the HTTPS interface entirely, which seems like a problem,
given that you're currently using the HTTPS interface to communicate
with the BMC. Because of that, we only support replacing the
certificate. In a perfect world, we could regenerate a new
self-signed certificate if the old one was deleted, but nobody has
written that code so far as I'm aware, I suspect because it's just as
easy to replace the certificate with your own self-signed cert.
>
> Looking at the code, I believe the only certificate that can be deleted
> in bmcweb is the Trust Store Certificate
> https://github.com/openbmc/bmcweb/blob/feaf15005555a3099c7f22a7e3d16c99ccb40e72/redfish-core/lib/certificate_service.hpp#L1347
>
> And this is reflected in the webui-vue code:
> https://github.com/openbmc/webui-vue/blob/4da9495925d601bb4edfb8b007d5b54792b7491b/src/views/AccessControl/SslCertificates/SslCertificates.vue#L183
>
> I am not sure if there is a reason for not supporting deleting other
> certificates or just no one has done the work.
> https://github.com/openbmc/bmcweb/commit/07a602993f1007b0b0b764bdb3f14f302a8d2e26
>
> Thanks,
> Gunnar
next prev parent reply other threads:[~2021-03-05 17:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-05 3:52 No option to delete SSL certificates Mohammed.Habeeb ISV
2021-03-05 17:42 ` Gunnar Mills
2021-03-05 17:52 ` Ed Tanous [this message]
2021-03-05 18:22 ` Mohammed.Habeeb ISV
2021-03-05 18:41 ` Milton Miller II
2021-03-05 20:28 ` Ed Tanous
2021-03-05 23:24 ` Derick Montague
2021-03-06 5:03 ` Jayanth Othayoth
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACWQX83ouxxsU+zqeix56feoHerQXJ9uKD+gmgfG8PDSoU6y1Q@mail.gmail.com \
--to=ed@tanous.net \
--cc=devenrao@in.ibm.com \
--cc=gmills@linux.vnet.ibm.com \
--cc=mohammed.habeeb@inventec.com \
--cc=ojayanth@in.ibm.com \
--cc=openbmc@lists.ozlabs.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).