No option to delete SSL certificates

Mohammed.Habeeb ISV mohammed.habeeb at inventec.com
Sat Mar 6 05:22:47 AEDT 2021



-----Original Message-----
From: Ed Tanous <ed at tanous.net> 
Sent: Friday, March 5, 2021 9:53 AM
To: Gunnar Mills <gmills at linux.vnet.ibm.com>
Cc: Mohammed.Habeeb ISV <mohammed.habeeb at inventec.com>; openbmc at lists.ozlabs.org; devenrao at in.ibm.com; ojayanth at in.ibm.com
Subject: Re: No option to delete SSL certificates

On Fri, Mar 5, 2021 at 9:43 AM Gunnar Mills <gmills at linux.vnet.ibm.com> wrote:
>
> On 3/4/2021 8:52 PM, Mohammed.Habeeb ISV wrote:
> > In webui-vue, SSL certificates have only a replace option. The Delete
> > button is greyed out.
> >
> > Is there any reason for not providing delete option?

I can't explain why the TrustStore certificate isn't deletable, that seems like a bug in webui-vue.

The HTTPS certificate isn't deletable because that would effectively disable the HTTPS interface entirely, which seems like a problem, given that you're currently using the HTTPS interface to communicate with the BMC.  Because of that, we only support replacing the certificate.  In a perfect world, we could regenerate a new self-signed certificate if the old one was deleted, but nobody has written that code so far as I'm aware, I suspect because it's just as easy to replace the certificate with your own self-signed cert.

Thanks for sharing the information. How about the LDAP certificate type?
>
> Looking at the code, I believe the only certificate that can be 
> deleted in bmcweb is the Trust Store Certificate
> https://github.com/openbmc/bmcweb/blob/feaf15005555a3099c7f22a7e3d16c99ccb40e72/redfish-core/lib/certificate_service.hpp#L1347
>
> And this is reflected in the webui-vue code:
> https://github.com/openbmc/webui-vue/blob/4da9495925d601bb4edfb8b007d5b54792b7491b/src/views/AccessControl/SslCertificates/SslCertificates.vue#L183
>
> I am not sure if there is a reason for not supporting deleting other 
> certificates or just no one has done the work.
> https://github.com/openbmc/bmcweb/commit/07a602993f1007b0b0b764bdb3f14f302a8d2e26
>
> Thanks,
> Gunnar

