Bug #35359: Make the Http Proxy store a CA certifcate - Foreman

Actions

Copy link

Bug #35359

closed

Make the Http Proxy store a CA certifcate

Added by Partha Aji over 2 years ago. Updated about 2 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Partha Aji

Category:

Proxy gateway

Target version:

Difficulty:

Triaged:

Yes

Bugzilla link:

2112098

Pull request:

https://github.com/theforeman/foreman/pull/9348, https://github.com/theforeman/foreman/pull/9355

Fixed in Releases:

3.5.0

Found in Releases:

Red Hat JIRA:

Description

When talking over an https proxy, 2 certificates have to be addressed

CA Cert of the Proxy
CA Cert of the destination URL (assuming its https).

Currently to HTTP Proxies require both these certificates to be in systems default trust store to connect to EC2/Other compute providers.

A better approach would be to store the CA Cert of the https proxy in the database instead of the trust store. When talking to EC2 we can narrow down the certificates in the chain to the one from proxy + certificates in the system trust store.

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Custom queries

Bug #35359

Make the Http Proxy store a CA certifcate

Updated by The Foreman Bot over 2 years ago

Updated by The Foreman Bot over 2 years ago

Updated by Partha Aji over 2 years ago

Updated by The Foreman Bot over 2 years ago

Updated by Partha Aji over 2 years ago

Updated by Ewoud Kohl van Wijngaarden about 2 years ago