Use new oVirt CA cert endpoint
|Assigned To:||Lukas Zapletal|
|Category:||Compute resources - oVirt|
|Target version:||Team Daniel - iteration 3|
|Found in release:||Pull request:||https://github.com/theforeman/foreman/pull/3548|
|Velocity based estimate||-|
Until now, we are downloading /ca.crt file from RHEV/oVirt. From version 3.4+ new endpoint is available (/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA HTTP GET) and the old one will be deprecated.
#5 Updated by Juan Hernández 7 months ago
Please take into account that both the old and new endpoints return the certificate of the CA that was created when the RHV/oVirt engine was installed. But the RHV/oVirt administrator may later replace the certificates, specially the web server certificate, see . If that happens the CA certificate obtained from those endpoints won't work to connect to the engine. I'd suggest that you take the certificate directly from the SSL handshake, that will always work.