Ensure certificate serial number is short enough for firefox #480

Merged
merged 3 commits into from
Oct 5, 2023


edlerd
Collaborator

@edlerd edlerd commented Oct 4, 2023

Done

  • Make generated certificates compatible with Firefox; serial numbers that are too long cause problems in it. See this bug.
  • Add hostname to the downloaded pfx and crt files
  • Add hostname to certificate name

QA

  1. Run the LXD-UI:
    • On the demo server via the link posted by @webteam-app below. This is only available for PRs created by collaborators of the repo. Ask @lorumic or @edlerd for access.
    • With a local copy of this branch, run as described here.
  2. Perform the following QA steps:
    • create new certificates
    • import to Firefox and test usage -- using the cert against the dev server with dotrun will not work, because the cert is in the proxy and not coming from the browser. Test it against LXD directly under https://localhost:8443 with a locally UI-enabled LXD
    • ensure name contains hostname

…es long to work in firefox. Add the hostname to the certificate name and filenames
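
The serial-number constraint behind this PR, as an added example that is not code from this PR or the lxd-ui repository: RFC 5280 requires a certificate's serialNumber to be positive and at most 20 octets, and 20 random bytes can encode to 21 octets once DER adds a sign byte. The function names and the choice of 20 octets as the relevant limit are assumptions; the page does not state the limit Firefox enforces.

```javascript
// Added example, not code from the lxd-ui repository.
// Assumption: the relevant limit is RFC 5280's 20-octet cap on serialNumber.
const MAX_SERIAL_OCTETS = 20;

// Length in octets of the DER INTEGER content for a non-negative hex serial.
// DER drops redundant leading zero bytes, then prepends 0x00 when the top bit
// of the first byte is set, so the value is not read as negative.
function derIntegerLength(hex) {
  if (!/^[0-9a-fA-F]+$/.test(hex)) throw new Error("serial must be hex");
  let h = hex.length % 2 ? "0" + hex : hex;
  while (h.length > 2 && h.startsWith("00")) h = h.slice(2);
  const first = parseInt(h.slice(0, 2), 16);
  return h.length / 2 + (first & 0x80 ? 1 : 0);
}

// True when the serial is positive and fits in the 20-octet limit.
function isValidSerial(hex) {
  if (/^0+$/.test(hex)) return false; // zero is not a positive serial
  return derIntegerLength(hex) <= MAX_SERIAL_OCTETS;
}

// Generate a random serial that always encodes to exactly 20 octets.
// `fill` is a hypothetical injection point for the random source; by default
// it uses the Web Crypto API available in browsers.
function newSerialHex(fill = (buf) => globalThis.crypto.getRandomValues(buf)) {
  const bytes = new Uint8Array(MAX_SERIAL_OCTETS);
  fill(bytes);
  // Clear the top bit (no DER sign byte needed) and set the next bit so the
  // first byte is never zero: the result is positive and fixed-length.
  bytes[0] = (bytes[0] & 0x7f) | 0x40;
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}
```

A serial made of 20 bytes of `0xff` fails `isValidSerial` because its DER encoding needs 21 octets, which is the edge case a naive "20 random bytes" generator hits about half the time.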
@webteam-app

Demo starting at https://lxd-ui-480.demos.haus

Contributor

@lorumic lorumic left a comment


Some QA notes:

  1. "Scroll all the way down" it says in the tutorial for Firefox, but it's not at the very bottom. Maybe we could change this line to "Scroll down to the Certificates section, and then click the View Certificates button"?

  2. For some reason, the spinner is not visible on Firefox while generating:


This works as expected on Chrome.

I cannot seem to be able to complete the process. When I restart the browser, I don't get asked to select the certificate by the browser. Neither on Firefox, nor on Chrome. Any idea why? Do I need to configure some auth setting in LXD?

Review comment on src/util/certificate.tsx (outdated)
@edlerd
Collaborator Author

edlerd commented Oct 5, 2023

> I cannot seem to be able to complete the process. When I restart the browser, I don't get asked to select the certificate by the browser. Neither on Firefox, nor on Chrome. Any idea why? Do I need to configure some auth setting in LXD?

Added the QA steps above. This only works when talking to LXD directly; the dev environment does not use the browser's client certificates.

edlerd and others added 2 commits October 5, 2023 11:19
Co-authored-by: Michele Lo Russo <michele.lorusso@canonical.com>
@edlerd
Collaborator Author

edlerd commented Oct 5, 2023

> Some QA notes:

Addressed those just now.

@edlerd edlerd requested a review from lorumic October 5, 2023 09:33
@lorumic
Contributor

lorumic commented Oct 5, 2023

> Test it against LXD directly under https://localhost:8443 with a locally UI-enabled LXD

Can you elaborate on this a bit more? It seems to me that this tiny addition to the QA steps is still implying a lot of prior knowledge.

@edlerd
Collaborator Author

edlerd commented Oct 5, 2023

> > Test it against LXD directly under https://localhost:8443 with a locally UI-enabled LXD
>
> Can you elaborate on this a bit more? It seems to me that this tiny addition to the QA steps is still implying a lot of prior knowledge.

Follow the steps from the README to install LXD normally. Then use the new certificate that you generated from this branch's dev environment.

@edlerd edlerd merged commit 83208a4 into canonical:main Oct 5, 2023
5 checks passed
@edlerd edlerd deleted the cert-generation-firefox branch October 5, 2023 13:31