Description of problem: When configuring Satellite 6 beta with a ovirt/rhevm compute resource that is using a wildcard cert for HTTPS, the user is presented with the following error: "'ERF56-1309 [Foreman::FingerprintException]: The remote system presented a public key signed by an unidentified certificate authority. If you are sure the remote system is authentic, go to the compute resource edit page, press the 'Test Connection' or 'Load Datacenters' button and submit'" The message is repeated each time the user clicks 'submit' and is thus unable to create the compute resource Version-Release number of selected component (if applicable): foreman-ovirt-1.6.0.21-1.el6sat.noarch ruby193-rubygem-rbovirt-0.0.26-2.el6sat.noarch How reproducible: 100% Steps to Reproduce: 1. Configure RHEV-M to use a 3rd party cert, such as per (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html-single/Administration_Guide/index.html#Replacing_the_SSL_certificate_used_by_Red_Hat_Enterprise_Virtualization_Manager_to_identify_itself_to_users_connecting_over_https) 2. attempt to Configure Sat6 to use an ovirt resource 3. Actual results: User is unable to successfully configure an ovirt compute resource Expected results: User is able to successfully configure an ovirt compute resource Additional info:
Since this issue was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
As a temporary workaround, the following works to disable SSL verification: from Lukas Zapletal <lzap>: "locate rvovirt.rb file and change the VERIFY_PEER to VERIFY_NONE [root@hp-sl2x170zg6-01 ~]# locate rbovirt.rb /opt/rh/ruby193/root/usr/share/gems/gems/rbovirt-0.0.28/lib/rbovirt.rb [root@hp-sl2x170zg6-01 ~]# grep VERIFY_PEER /opt/rh/ruby193/root/usr/share/gems/gems/rbovirt-0.0.28/lib/rbovirt.rb verify_options = {:verify_ssl => OpenSSL::SSL::VERIFY_PEER} Then restart Satellite 6: service httpd restart"
Rich, can you share with me how you deployed the certificate? Is this documented in RHEV materials? I would like to reproduce.
We followed the instructions documented in the RHEV 3.2/3.3 documentation (https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.3/html-single/Administration_Guide/index.html#Replacing_the_SSL_certificate_used_by_Red_Hat_Enterprise_Virtualization_Manager_to_identify_itself_to_users_connecting_over_https) to replace the default self-signed certificate with the wildcard certificate.
I'm getting this same error with Satellite 6.0.4 using RHEV 3.4 with a custom certificate, which was issued by IPA/IdM. This is not a wildcard cert, but it's not the RHEV-generated cert either. The Compute Resource never actually gets to the point of trying the username/password.
Created redmine issue http://projects.theforeman.org/issues/7516 from this bug
Ok I am closing this issue because I am unable to reproduce. I was able to setup my oVirt/RHEV with wildcard certs easily. There is other issue/bug which is very relevant to this problem: https://bugzilla.redhat.com/show_bug.cgi?id=1143941 http://projects.theforeman.org/issues/7522 Until it was not resolved, I was not able to setup *any* other CA than the self-signed cert from RHEV. Therefore I believe the bug solved your error. In any case, feel free to reopen if you still think this is an issue. The 1143941 is scheduled for 6.1 release.