Bug 1568565 - Upgrade removes custom cert configuration -docs don't mention it
Summary: Upgrade removes custom cert configuration -docs don't mention it
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: GA
: cfme-future
Assignee: Red Hat CloudForms Documentation
QA Contact: Red Hat CloudForms Documentation
Depends On:
TreeView+ depends on / blocked
Reported: 2018-04-17 18:56 UTC by Paul Armstrong
Modified: 2019-12-19 15:46 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2019-12-19 15:46:38 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:

Attachments (Terms of Use)

Description Paul Armstrong 2018-04-17 18:56:10 UTC
Document URL: 

a) https://access.redhat.com/articles/449033
b) https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html/appliance_hardening_guide/server-security#enabling_the_appliance_to_use_your_certificate

Section Number and Name: 

a) reference the document only
b) 3.2.3. Enabling Your Certificate

Describe the issue: 

Two methods are described for configuring your certificates. The method in the documentation asks you to replace the files in the target directory pointed to by the configuration files. 

The other asks you to update the /etc/httpd/conf.d file:

Edit the following lines in the Apache SSL configuration file to point to the new certificate and key file. For CloudForms Management Engine 5.2 and above, the file is /etc/httpd/conf.d/cfme-https-application.conf. For earlier versions of ManageIQ EVM and CloudForms Management Engine 5.1, the file is /etc/httpd/conf.d/ssl.conf:

SSLCertificateFile /var/www/miq/vmdb/certs/servername.crt
SSLCertificateKeyFile /var/www/miq/vmdb/certs/servername.key

Suggestions for improvement: 

in case a) for CFME 5.8 the file 
is now called

in case b) for CFME 5.8 the documentation does not mention that the files are replaced.

/var/www/miq/vmdb/certs/server.cer -> /var/www/miq/vmdb/certs/server.cer.rpmsave
/var/www/miq/vmdb/certs/server.cer.key -> /var/www/miq/vmdb/certs/server.cer.key.rpmsave

In any event, chrome will not load the web UI due to the error
Firefox will ask you to accept the certificate again.

Additional information: 

I have not checked 5.9, but it should be checked as well..


Comment 2 Paul Armstrong 2018-04-17 18:57:00 UTC
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1568565

Comment 3 Dave Johnson 2018-04-17 19:03:53 UTC
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.

Note You need to log in before you can comment on or make changes to this bug.