Bug 1568565 - Upgrade removes custom cert configuration -docs don't mention it
Summary: Upgrade removes custom cert configuration -docs don't mention it
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.8.0
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: GA
: cfme-future
Assignee: Red Hat CloudForms Documentation
QA Contact: Red Hat CloudForms Documentation
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-17 18:56 UTC by Paul Armstrong
Modified: 2019-12-19 15:46 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-12-19 15:46:38 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:


Attachments (Terms of Use)

Description Paul Armstrong 2018-04-17 18:56:10 UTC
Document URL: 

a) https://access.redhat.com/articles/449033
b) https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.6/html/appliance_hardening_guide/server-security#enabling_the_appliance_to_use_your_certificate

Section Number and Name: 

a) reference the document only
b) 3.2.3. Enabling Your Certificate

Describe the issue: 

Two methods are described for configuring your certificates. The method in the documentation asks you to replace the files in the target directory pointed to by the configuration files. 
/var/www/miq/vmdb/certs/server.cer 
/var/www/miq/vmdb/certs/server.cer.key

The other asks you to update the /etc/httpd/conf.d file:

Edit the following lines in the Apache SSL configuration file to point to the new certificate and key file. For CloudForms Management Engine 5.2 and above, the file is /etc/httpd/conf.d/cfme-https-application.conf. For earlier versions of ManageIQ EVM and CloudForms Management Engine 5.1, the file is /etc/httpd/conf.d/ssl.conf:

Raw
SSLCertificateFile /var/www/miq/vmdb/certs/servername.crt
SSLCertificateKeyFile /var/www/miq/vmdb/certs/servername.key


Suggestions for improvement: 

in case a) for CFME 5.8 the file 
/etc/httpd/conf.d/cfme-https-application.conf
is now called
/etc/httpd/conf.d/manageiq-https-application.conf


in case b) for CFME 5.8 the documentation does not mention that the files are replaced.

/var/www/miq/vmdb/certs/server.cer -> /var/www/miq/vmdb/certs/server.cer.rpmsave
/var/www/miq/vmdb/certs/server.cer.key -> /var/www/miq/vmdb/certs/server.cer.key.rpmsave

In any event, chrome will not load the web UI due to the error
Firefox will ask you to accept the certificate again.

Additional information: 

I have not checked 5.9, but it should be checked as well..

PA

Comment 2 Paul Armstrong 2018-04-17 18:57:00 UTC
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1568565

Comment 3 Dave Johnson 2018-04-17 19:03:53 UTC
Please assess the impact of this issue and update the severity accordingly.  Please refer to https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity for a reminder on each severity's definition.

If it's something like a tracker bug where it doesn't matter, please set the severity to Low.


Note You need to log in before you can comment on or make changes to this bug.