Bug 1670138
| Summary: | SSL certificate registration does not overwrite existing server.cer and server.cer.key | ||
|---|---|---|---|
| Product: | Red Hat CloudForms Management Engine | Reporter: | Brant Evans <brant.evans> |
| Component: | Appliance | Assignee: | Joe Vlcek <jvlcek> |
| Status: | CLOSED ERRATA | QA Contact: | Md Nadeem <mnadeem> |
| Severity: | high | Docs Contact: | Red Hat CloudForms Documentation <cloudforms-docs> |
| Priority: | high | ||
| Version: | 5.9.7 | CC: | abellott, dgaikwad, dmetzger, mshriver, obarenbo, simaishi, yrudman |
| Target Milestone: | GA | Keywords: | Reopened |
| Target Release: | 5.11.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 5.11.0.1 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-12-12 13:35:20 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | Bug | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | CFME Core | Target Upstream Version: | |
| Embargoed: | |||
New commit detected on ManageIQ/manageiq-appliance_console/master: https://github.com/ManageIQ/manageiq-appliance_console/commit/6188f0550209f9b03d15b63793818e137068c4ce commit 6188f0550209f9b03d15b63793818e137068c4ce Author: Joe VLcek <jvlcek> AuthorDate: Fri Mar 1 14:34:24 2019 -0500 Commit: Joe VLcek <jvlcek> CommitDate: Fri Mar 1 14:34:24 2019 -0500 Handle existing certs and support rerun of cert generation Will address: https://bugzilla.redhat.com/show_bug.cgi?id=1670138 lib/manageiq/appliance_console/certificate.rb | 22 +- spec/certificate_authority_spec.rb | 6 +- spec/certificate_spec.rb | 27 +- 3 files changed, 46 insertions(+), 9 deletions(-) Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:4199 Hello Satoe Imaishi, I think it is major issue still present on 5.10.X. Is it possible to clone this issue to 5.10.X, because I am still facing this issue on 5.10.X ? |
Description of problem: Using appliance_console_cli to set SSL Certs does not overwrite the existing server.cer and server.cer.key Version-Release number of selected component (if applicable): cfme-5.9.7.2-1.el7cf.x86_64 How reproducible: always Steps to Reproduce: (Requires an IDM server to be setup and configured) 1. Configure an appliance as normal so evmserverd processes start appliance_console_cli \ --region=1 \ --internal \ --username=root \ --password=redhat \ --key \ --dbdisk=/dev/vdb 2. Use appliance_console_cli to join the appliance to an IPA domain appliance_console_cli \ --ipaserver=idm.example.com \ --ipaprincipal=admin \ --ipapassword=redhat 3. Use appliance_console_cli to setup SSL Certs appliance_console_cli \ --ca=ipa \ --http-cert Actual results: The certificate is created in IPA, but the /var/www/miq/vmdb/certs/server.cer and server.cer.key are not overwritten. The root.crt file is created. Expected results: The server.cer and server.cer.key files are the SSL certificate from IPA and not the self-signed certs. Additional info: I was able to work around this issue by removing/renaming the /var/www/miq/vmdb/server.cer and server.cer.key prior to running the command in step 3 above.