Skip to content
This repository has been archived by the owner on Jul 20, 2023. It is now read-only.

GUI: SSL Certificate management page #43

Closed
jandraa opened this issue Nov 15, 2018 · 3 comments
Closed

GUI: SSL Certificate management page #43

jandraa opened this issue Nov 15, 2018 · 3 comments
Assignees
@jandraa
Labels
design_discovery

Comments

@jandraa
Copy link

jandraa commented Nov 15, 2018
edited

A user can manage their certificates (CA certificates, client certificates, and server certificates). Users should be able to see the uploaded file (and upload a new one if wanted), the start date, and expiration date.
@gtmills gtmills mentioned this issue Nov 19, 2018
Closed
3 tasks
@gtmills
Copy link
Member

gtmills commented Nov 19, 2018

Need a new page for uploading an SSL Certificate

@jandraa
Copy link
Author

jandraa commented Nov 19, 2018
edited

From Alissa:

Work in progress...
https://ibm.invisionapp.com/share/RQNYHJ0VBDY#/318977543_1-_SSL_Certification
SSL certificate upload management page

Support/upload file types...
More than one CA file (work in progress)
Single server certificate file
Choose and upload file(s)
Remove loaded file
See if file(s) successfully uploaded
Remove existing file(s)
CA - signed certificate only, server + client certificates (private key + signed certificate)
Expose to user that private key data needs to be included in certificate file upon upload (private key + signed certificate)
Outstanding questions/decisions that need to be made:

Is the client certificate upload specific to LDAP? - YES, and this function will exist in the LDAP page #177
Is client certificate an optional or required field? - YES, #177
Can we expose expiration dates for certificates? (still a WIP, will be clearer in 1-2 weeks; can this data be extracted from front-end vs back-end?)
Can we support generating CSR-based certificates?
Are CSR-based certificates specific only to server certificates?
Future requirements to consider

Blacklist (disable) certificate files
Show user when certificate is reaching expiration date (e.g. notification, exposing via server overview page)
Possibility that generating certificate experience could co-exist with certificate upload management page #182

@jandraa
Copy link
Author

jandraa commented Nov 26, 2018
edited

Pending Work - Design

  • Verify all three certificate types are designed; add to necessary panels
  • Conduct user research to determine where in the navigation SSL certificates should live
  • Conduct user research to determine where client certificates should live (LDAP vs. SSL certification)
  • Update upload component so it can scale to multi-file upload scenarios
  • Consider where and how users should be notified of expired certificates

@jandraa jandraa changed the title GUI: Certificate upload page GUI: SSL Certificate upload page Nov 27, 2018
@jandraa jandraa changed the title GUI: SSL Certificate upload page GUI: SSL Certificate management page Nov 27, 2018
@jandraa jandraa mentioned this issue Apr 1, 2019
Closed
rfrandse pushed a commit to ibm-openbmc/phosphor-webui that referenced this issue Jul 8, 2019
@BeccaBroek @rfrandse
Create certificate management page
6e34f9c 
Displays certificates and the ability to add up to one
of each type of certificate (as limited by the backend
implementation). HTTPS certificate and LDAP client cert
are implemented in this commit, with the ability to add
more types as needed by adding them to the constants.js
CERTIFICATE_TYPES array.

Also provides the ability to replace a certificate once
it is added.

Resolves openbmc/phosphor-webui#43

Tested: loaded onto a witherspoon and able to view and
        replace both the HTTPS certificate and the
        LDAP certificate. GUI only allows to upload an
        LDAP certificate if one doesn't already exist.
        The GUI limits the user to one file per type as
        expected at this time and provides the
        appropriate validation messages. Alert messages
        appear above the table if the certificate is
        expired or within 30 days of expiring.

Change-Id: I345267280ecd3cb257e9304886cde9ebb69b1240
Signed-off-by: beccabroek <beccabroek@gmail.com>
Signed-off-by: Yoshie Muranaka <yoshiemuranaka@gmail.com>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jandraa jandraa

Labels
design_discovery
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gtmills @jandraa