Feature #1132
closedMake SSL requirement optional for method ":show" in hosts_controller
Description
Working on the rundeck integration I noticed it's quite hard to make the hosts_controller :show work through SSL. This is not a Foreman issue but, because the I don't really see critical risks with this, I'm suggesting this as a "feature" :
The possibility to read host information via the API with or without SSL adding an exception to :show in "app/controllers/hosts_controller.rb"
skip_before_filter :require_ssl, :only => ANONYMOUS_ACTIONS + [:show]
PS: I'm submitting the patch in a moment.
@Ohad: If you see that as a problem, is there a way to bypass SSL only for rundeck ?
Updated by Marcello de Sousa over 13 years ago
:(
Since #1057 , index should also allow non SSL requests for rundeck:
skip_before_filter :require_ssl, :only => ANONYMOUS_ACTIONS + [:show, :index]
That I don't like, but... well.... Better idea anyone ?
Updated by Marcello de Sousa over 13 years ago
Ok, so after hours of trying to make rundeck accept a self signed certificate I finally discovered how to do it. using keytool you have to import foreman's certificate to the java's keystore. In my Centos 6 machine it looks like this:
> keytool -importcert -file /etc/httpd/conf.d/foreman.crt -keystore /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/security/cacerts -alias foreman -storepass changeit
Then restart rundeck.
If you don't do it, you might get an error similar to :
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
With this issue solved, this ticket becomes obsolete and I guess it can be closed.
Updated by Marcello de Sousa over 13 years ago
- Status changed from New to Closed