Project

General

Profile

Bug #16392

Katello should have a single way to manage CA certificates that it uses

Added by Chris Duryee almost 3 years ago. Updated about 1 year ago.

Status:
New
Priority:
Normal
Assignee:
Category:
Inter Server Sync
Target version:
Difficulty:
medium
Triaged:
Bugzilla link:
Pull request:
Team Backlog:
Fixed in Releases:
Found in Releases:

Description

There are two areas of code that make HTTPS calls to repositories:

  • the katello part that browses the CDN on the repo enable page
  • the pulp part that actually fetches the data

The Katello part uses redhat-uep.pem when making CDN calls. However, the Pulp portion uses the system's trust store. This means that URLs like https://dl.fedoraproject.org will work, but internal URLs in a data center will not, since the internal URL does not use redhat-uep.pem for its CA.

Ideally, Katello would have some kind of CA management to manage both of these areas, either via the web UI or via command-line.

History

#1 Updated by Justin Sherrill almost 3 years ago

  • Legacy Backlogs Release (now unused) set to 114
  • Difficulty set to medium

Also available in: Atom PDF