RHV-M CA certificate download link is not updated when using custom certificates

Updated 2021-05-11T13:33:20+00:00

Issue

  • On a default RHV-M installation, /etc/pki/ovirt-engine/apache-ca.pem is a symbolic link pointing to /etc/pki/ovirt-engine/ca.pem.

    # ls -l /etc/pki/ovirt-engine/apache-ca.pem
    lrwxrwxrwx. 1 root root 28 Jan 20 16:18 /etc/pki/ovirt-engine/apache-ca.pem -> /etc/pki/ovirt-engine/ca.pem
    
  • After installing custom TLS certificates for Apache, the symbolic link /etc/pki/ovirt-engine/apache-ca.pem is removed and replaced with a custom CA certificate which does not change the file served by the download link.

  • When using a custom TLS certificate for Apache on RHV-M, the CA Certificate download link (http://rhvm.example.org/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA) on the RHV-M web UI landing page, still provides the engine certificate /etc/pki/ovirt-engine/ca.pem instead of the custom CA certificate /etc/pki/ovirt-engine/apache-ca.pem.

  • The CA certificate used for the web UI changes but the URL still serves /etc/pki/ovirt-engine/ca.pem which is not valid for clients to interact with Apache.

  • Why does the CA Certificate download link not retrieve the custom CA certificate from /etc/pki/ovirt-engine/apache-ca.pem?

CA Certificate download link on RHV-M UI
CA Certificate download link on RHV-M UI

Environment

  • Red Hat Virtualization (RHV) 4.4
  • Red Hat Virtualization (RHV) 4.3

Subscriber content preview. For full access to the Red Hat Knowledgebase, please log in.

Not a subscriber? Learn more about the benefits of Red Hat Subscriptions.