Bug 1526765

Summary:	Docs: imageio proxy needs to be restarted in case the Engine is switched to using 3rd party certificate (otherwise, it still uses the old certificate)
Product:	[oVirt] ovirt-engine	Reporter:	Yaniv Kaul <ykaul>
Component:	Documentation	Assignee:	bugs <bugs>
Status:	CLOSED WONTFIX	QA Contact:	meital avital <mavital>
Severity:	medium	Docs Contact:
Priority:	unspecified
Version:	4.2.0	CC:	adahms, bugs, derez, dholler, nsoffer, tnisan
Target Milestone:	---	Keywords:	Documentation
Target Release:	---	Flags:	rule-engine: ovirt-4.2+
Hardware:	x86_64
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2023-08-03 07:12:22 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	Docs	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Yaniv Kaul 2017-12-17 11:06:21 UTC

Description of problem:
My RHV has alternative names in its certificate. This satisfies the browser (and it displays green the connection), but trying to upload via the UI fails and the console shows ERR_CERT_AUTHORITY_INVALID

Version-Release number of selected component (if applicable):
4.1.8

Comment 4 Dominik Holler 2017-12-18 08:26:38 UTC

@Yaniv

Can you confirm that the involved web browser is Chrome?
Which version is used to produce the problem?
Is firefox affected, too?

Can you confirm that https://[FQDN]/ca.crt is imported as certificate authority in the browser?

What happens if you open https://[ImageProxyAddress_including_:_port]/images/ in your browser? If ssl is working a proper REST error message should be shown, but if ssl has a problem, I would expect an ssl error message.

Are there any additional relevant logs in the developer tools console of your browser?

Comment 5 Dominik Holler 2017-12-18 09:50:43 UTC

I am not able to reproduce using OST basic-suite-master:
1. ./run_suite.sh basic-suite-master
2. wget --output-document engine.crt 'http://engine/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA'
3. Import engine.crt as authority in Chromium Version 62.0.3202.89 (Developer Build) Fedora Project (64-bit)
4. https://engine:54323/ shows clean REST error with working SSL and image upload via webadmin works.

Comment 14 Casper (RHV QE bot) 2022-10-18 21:30:43 UTC

This bug has low overall severity and is not going to be further verified by QE. If you believe special care is required, feel free to properly align relevant severity, flags and keywords to raise PM_Score or use one of the Bumps ('PrioBumpField', 'PrioBumpGSS', 'PrioBumpPM', 'PrioBumpQA') in Keywords to raise it's PM_Score above verification threashold (1000).

Comment 16 Sandro Bonazzola 2023-08-03 07:12:22 UTC

No updates in the last 6 years, closing as won't fix.
If still relevant please open an issue on https://github.com/oVirt/ovirt-site/issues