Project

General

Profile

Actions

Bug #15163

closed

Use new oVirt CA cert endpoint

Added by Lukas Zapletal almost 8 years ago. Updated over 5 years ago.

Status:
Closed
Priority:
Normal
Category:
Compute resources - oVirt
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

Until now, we are downloading /ca.crt file from RHEV/oVirt. From version 3.4+ new endpoint is available (/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA HTTP GET) and the old one will be deprecated.


Related issues 1 (1 open0 closed)

Related to Foreman - Feature #16317: Download oVirt/RHEL CA cert from HTTP handshake rather than from APINew08/26/2016Actions
Actions #1

Updated by The Foreman Bot almost 8 years ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/3548 added
Actions #2

Updated by Lukas Zapletal almost 8 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100
Actions #3

Updated by Dominic Cleal almost 8 years ago

  • translation missing: en.field_release set to 136
Actions #4

Updated by Ohad Levy over 7 years ago

  • Bugzilla link set to 1370169
Actions #5

Updated by Juan Hernández over 7 years ago

Please take into account that both the old and new endpoints return the certificate of the CA that was created when the RHV/oVirt engine was installed. But the RHV/oVirt administrator may later replace the certificates, specially the web server certificate, see [1]. If that happens the CA certificate obtained from those endpoints won't work to connect to the engine. I'd suggest that you take the certificate directly from the SSL handshake, that will always work.

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.6/html/Administration_Guide/appe-Red_Hat_Enterprise_Virtualization_and_SSL.html)

Actions #6

Updated by Lukas Zapletal over 7 years ago

  • Related to Feature #16317: Download oVirt/RHEL CA cert from HTTP handshake rather than from API added
Actions #7

Updated by Lukas Zapletal over 7 years ago

Thanks, created ticket for that.

Actions #8

Updated by Daniel Lobato Garcia over 7 years ago

  • Target version set to 1.6.2
Actions #9

Updated by Daniel Lobato Garcia over 7 years ago

  • Target version changed from 1.6.2 to 1.5.2
Actions

Also available in: Atom PDF