RHV-M CA certificate download link is not updated when using custom certificates
Issue
-
On a default RHV-M installation,
/etc/pki/ovirt-engine/apache-ca.pemis a symbolic link pointing to/etc/pki/ovirt-engine/ca.pem.# ls -l /etc/pki/ovirt-engine/apache-ca.pem lrwxrwxrwx. 1 root root 28 Jan 20 16:18 /etc/pki/ovirt-engine/apache-ca.pem -> /etc/pki/ovirt-engine/ca.pem -
After installing custom TLS certificates for Apache, the symbolic link
/etc/pki/ovirt-engine/apache-ca.pemis removed and replaced with a custom CA certificate which does not change the file served by the download link. -
When using a custom TLS certificate for Apache on RHV-M, the
CA Certificatedownload link(http://rhvm.example.org/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA)on the RHV-M web UI landing page, still provides the engine certificate/etc/pki/ovirt-engine/ca.peminstead of the custom CA certificate/etc/pki/ovirt-engine/apache-ca.pem. -
The CA certificate used for the web UI changes but the URL still serves
/etc/pki/ovirt-engine/ca.pemwhich is not valid for clients to interact with Apache. -
Why does the
CA Certificatedownload link not retrieve the custom CA certificate from/etc/pki/ovirt-engine/apache-ca.pem?
Environment
- Red Hat Virtualization (RHV)
- 4.3
- 4.4
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
