Description of problem: Enhance Octavia error message when PKCS12 is encrypted with key. Octavia should be enhanced to provide a better error code when the pkcs12 bundle does not pass validation or is unreadable. Internal link with more details: [http://post-office.corp.redhat.com/archives/rhos-tech/2019-September/msg00206.html](http://post-office.corp.redhat.com/archives/rhos-tech/2019-September/msg00206.html) Additional info: This point is IMO already covered in https://bugzilla.redhat.com/show_bug.cgi?id=1712448#c8 , https://storyboard.openstack.org/#!/story/2005925, https://review.opendev.org/#/c/667200/ ~~~ Validate certificate content at API level Starting from Rocky, certificates are loaded still at API level when converting objects to provider data models. The act of loading the certificate provides validation as to its content. For example, it checks if a value in the Common Name field is set. When the content is passed in on create and update actions via reference, it is checked at API level. If it's invalid, it fails right there and an error is returned to the user. Although, certificate content is not checked at API level in Queens. Should an invalid certificate be passed in, the API accepts but it will later fail at provisioning -- the listener and loadbalancer go into ERROR. The problem starts when the health manager runs the periodic update health check. It calculates the expected number of listeners and sees the listener in ERROR. In an attempt to heal it, an amphora failover is triggered. As it runs the failover, it tries, again, to load up the invalid certificate. Amphora failover goes on in a loop. This patch is a Queens-only patch. ~~~ But I would like to make sure that this is the case.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:0770