Description of problem:
See bug 1558500.
This means also that a sysadmin changing ssl.conf after setup to use custom certs (probably signed by a 3rd party CA), gets these changes overwritten back to engine-setup's default, which is the internal CA.
This was first reported on the thread starting with:
(Current archive seems to not be up-to-date so does not include latest relevent emails).
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install and setup a 4.1 engine, as in bug 1558500.
2. Manually configure 3rd-party CA certs for apache httpd in ssl.conf
3. Upgrade to 4.2.3
Manual changes to SSLCertificateFile, SSLCertificateKeyFile or SSLCACertificateFile done in step (2.) are reverted
Only changes to SSLProtocol and CustomLog options are done, but not to the SSL*File options.
engine-setup asks for changes in ssl.conf and then changes only SSLProtocol, CustomLog. SSLCertificate settings are unchanged.
verified in ovirt-engine-setup-188.8.131.52-0.1.el7_3.noarch
This bugzilla is included in oVirt 4.2.4 release, published on June 26th 2018.
Since the problem described in this bug report should be
resolved in oVirt 4.2.4 release, it has been closed with a resolution of CURRENT RELEASE.
If the solution does not work for you, please open a new bug report.