Bug #15163
closed
Use new oVirt CA cert endpoint
Description
Until now, we are downloading /ca.crt file from RHEV/oVirt. From version 3.4+ new endpoint is available (/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA HTTP GET) and the old one will be deprecated.
Updated by The Foreman Bot over 7 years ago
- Status changed from New to Ready For Testing
- Pull request https://github.com/theforeman/foreman/pull/3548 added
Updated by Lukas Zapletal over 7 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset bf416ab295d345352dbc8f8e19607d08f9e4efad.
Updated by Dominic Cleal over 7 years ago
- translation missing: en.field_release set to 136
Updated by
Updated by Juan Hernández over 7 years ago
Please take into account that both the old and new endpoints return the certificate of the CA that was created when the RHV/oVirt engine was installed. But the RHV/oVirt administrator may later replace the certificates, specially the web server certificate, see [1]. If that happens the CA certificate obtained from those endpoints won't work to connect to the engine. I'd suggest that you take the certificate directly from the SSL handshake, that will always work.
Updated by Lukas Zapletal over 7 years ago
- Related to Feature #16317: Download oVirt/RHEL CA cert from HTTP handshake rather than from API added
Updated by Daniel Lobato Garcia about 7 years ago
- Target version changed from 1.6.2 to 1.5.2