Bug #35296
closed
Need to be able to provide custom cert for ISS for Red Hat CDN
Description
Description of problem:
Assume we have an Upstream HTTP Server that is serving the extracted CDN ISO content and a Downstream Server that can only talk to that http server.
We need to be able specify custom ca cert (or ca credential) when we change the RedHat CDN url to the upstream url.
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1. Get a content iso extracted in /var/www/html/pub/<myrepo> on some other box
2. Go to Subscriptions => Manage Manifest
3. Change the redhat cdn url to https://<fqdn>/pub/<myrepo>. Notice that you cannot specify the cert in this tab.
4. Go to Redhat Repositories and try expanding the available repositories.
Actual results:
You should get an error along the lines of
2022-07-28T18:01:33 [I|app|37e3cb19] CDN: Requesting path https://<webserver>:443/pub/repos/content/dist/rhel/server/7/listing
/opt/rh/rh-ruby27/root/usr/share/ruby/net/protocol.rb:44: warning: exception in verify_callback is ignored
2022-07-28T18:01:33 [E|app|37e3cb19] Failed at scanning for repository: SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain)
Expected results:
Ability to see enabled repos from the store.
We may also need to be able to set a SSL CA Credential on the Manage Manifests.
Updated by 
Updated by 
Updated by