Bug #15163
Use new oVirt CA cert endpoint
Description
Until now, we are downloading /ca.crt file from RHEV/oVirt. From version 3.4+ new endpoint is available (/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA HTTP GET) and the old one will be deprecated.
Related issues
Associated revisions
History
#1
Updated by The Foreman Bot over 4 years ago
Updated by - Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3548 added
#2
Updated by Lukas Zapletal over 4 years ago
Updated by - Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset bf416ab295d345352dbc8f8e19607d08f9e4efad.
#3
Updated by Dominic Cleal over 4 years ago
Updated by - Legacy Backlogs Release (now unused) set to 136
#4
Updated by Ohad Levy over 4 years ago
Updated by - Bugzilla link set to 1370169
#5
Updated by Juan Hernández over 4 years ago
Updated by Please take into account that both the old and new endpoints return the certificate of the CA that was created when the RHV/oVirt engine was installed. But the RHV/oVirt administrator may later replace the certificates, specially the web server certificate, see [1]. If that happens the CA certificate obtained from those endpoints won't work to connect to the engine. I'd suggest that you take the certificate directly from the SSL handshake, that will always work.
#6
Updated by Lukas Zapletal over 4 years ago
- Related to Feature #16317: Download oVirt/RHEL CA cert from HTTP handshake rather than from API added
#7
Updated by Lukas Zapletal over 4 years ago
Thanks, created ticket for that.
#8
Updated by Daniel Lobato Garcia over 4 years ago
Updated by - Target version set to 1.6.2
#9
Updated by Daniel Lobato Garcia about 4 years ago
- Target version changed from 1.6.2 to 1.5.2
Fixes #15163 - use new oVirt CA cert endpoint