Bug #20079

closed

Foreman does not verify CA on postgres DB connections with SSL

Added by Martin Bacovsky over 6 years ago. Updated over 5 years ago.

Status: Closed
Priority: Normal
Category: Foreman modules
Target version:
Difficulty:
Triaged:
Fixed in Releases:
Found in Releases:

Description

The default sslmode is 'prefer', which allows an SSL connection to the DB server, but the CA of the DB server is not verified.

When using --foreman-db-sslmode 'verify-full' to enforce the CA cert verification, there is no way to configure the root cert for the connection.
System CA trust is not supported by libpq and the cert is expected at '/usr/share/foreman/.postgresql/root.crt'.

Add an installer option to set up the root cert and consider if 'prefer' is the right and secure default option.
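
Added example (not part of the original report, and not Foreman or installer code): a Ruby check that classifies libpq connection parameters by whether the server CA is actually verified and where the root certificate is looked up. The function name `audit_pg_tls` and its result keys are hypothetical; `sslmode`, `sslrootcert`, `PGSSLMODE` and `PGSSLROOTCERT` are libpq's own settings, and `sslrootcert` is assumed to be a file path.

```ruby
require "tmpdir"
require "fileutils"

# Added example: classify libpq TLS settings along the lines of this report.
# Mode semantics follow the libpq documentation for sslmode.
VERIFYING_MODES = %w[verify-ca verify-full].freeze
KNOWN_MODES = (%w[disable allow prefer require] + VERIFYING_MODES).freeze

# params: libpq connection parameters, e.g. { "sslmode" => "verify-full" }
# home:   home directory of the account that opens the connection
# env:    environment of that process (PGSSLMODE / PGSSLROOTCERT are honoured)
def audit_pg_tls(params, home:, env: {})
  mode = params["sslmode"] || env["PGSSLMODE"] || "prefer" # libpq default
  raise ArgumentError, "unknown sslmode #{mode.inspect}" unless KNOWN_MODES.include?(mode)

  # Without sslrootcert, libpq looks for ~/.postgresql/root.crt.
  root = params["sslrootcert"] || env["PGSSLROOTCERT"] ||
         File.join(home, ".postgresql", "root.crt")
  present = File.file?(root)

  finding =
    if VERIFYING_MODES.include?(mode)
      # Verification is enforced, so a missing root cert is a hard failure.
      present ? :ok : :connection_will_fail_no_root_cert
    elsif mode == "require" && present
      # libpq compatibility behaviour: acts like verify-ca when the file exists.
      :ca_checked_only_because_root_cert_exists
    else
      # disable / allow / prefer (and require without a root cert): no CA check.
      :server_certificate_not_verified
    end

  { sslmode: mode, root_cert: root, root_cert_present: present,
    checks_hostname: mode == "verify-full", finding: finding }
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |home| # constructed stand-in for the service account's home
    p audit_pg_tls({}, home: home)
    p audit_pg_tls({ "sslmode" => "verify-full" }, home: home)
  end
end
```
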


Related issues 2 (0 open, 2 closed)

  • Related to Installer - Bug #22940: foreman-installer does not create /usr/share/foreman/.postgresql/root.crt (Closed, Ewoud Kohl van Wijngaarden, 03/20/2018)
  • Blocks Katello - Feature #19667: Need additional supported database deployment options for Katello installation: such as External Postgres (Closed, Martin Bacovsky, 05/25/2017)

#1

Updated by Martin Bacovsky over 6 years ago

  • Blocks Feature #19667: Need additional supported database deployment options for Katello installation: such as External Postgres added

#2

Updated by Martin Bacovsky over 6 years ago

  • Project changed from Katello to Installer
  • Category changed from Installer to Foreman modules

#3

Updated by Martin Bacovsky over 6 years ago

  • Status changed from Ready For Testing to Closed
  • % Done changed from 0 to 100

#4

Updated by Ales Dujicek almost 6 years ago

  • Related to Bug #22940: foreman-installer does not create /usr/share/foreman/.postgresql/root.crt added