Actions
Bug #20079
closed
Foreman does not verify CA on postgres DB connections with SSL
Difficulty:
Triaged:
Bugzilla link:
Description
The default sslmode is 'prefer' which allows SSL connection to DB server, but CA of the DB server is not verified.
When using --foreman-db-sslmode 'verify-full' to enforce the CA cert verification there is no way to configure the root cert for the connection.
System CA trust is not supported by libpg and the cert is expected at '/usr/share/foreman/.postgresql/root.crt'.
Add an installer option to setup the root cert and consider if 'prefer' is the right and secure default option.
Updated by Martin Bacovsky over 7 years ago
- Blocks Feature #19667: Need additional supported database deployment options for Katello installation: such as External Postgres added
Updated by Martin Bacovsky over 7 years ago
- Project changed from Katello to Installer
- Category changed from Installer to Foreman modules
Updated by Martin Bacovsky over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset puppet-foreman|a8297636bf9d38f34f519cf4e13793d2dd472868.
Updated by Ales Dujicek almost 7 years ago
- Related to Bug #22940: foreman-installer does not create /usr/share/foreman/.postgresql/root.crt added
Actions