Description of problem: When testing the connection to ovirt-provider-ovn, the SHA1 fingerprint of the CA certificate is shown to the user for approval, although all the certificates are signed with SHA256 Version-Release number of selected component (if applicable): ovirt-engine-4.3.8.2-0.4.el7.noarch ovirt-web-ui-1.6.0-2.el7ev.noarch How reproducible: Steps to Reproduce: 1. Deploy new RHV 4.3.8 HostedEngine with ovirt-provider-ovn 2. Check that all certs are SHA256: #!/bin/bash names="engine apache websocket-proxy jboss imageio-proxy ovirt-provider-ovn" for name in $names; do echo "### $name" openssl x509 -in /etc/pki/ovirt-engine/certs/"${name}".cer -text -noout | grep -i "Signature Algorithm" done echo "### CA" openssl x509 -in /etc/pki/ovirt-engine/ca.pem -text -noout | grep -i "Signature Algorithm" echo "### Apache CA" openssl x509 -in /etc/pki/ovirt-engine/apache-ca.pem -text -noout | grep -i "Signature Algorithm" echo "### Trust store" LANG=C keytool -list -keystore /etc/pki/ovirt-engine/.truststore -v | grep -i "Signature Algorithm" #(password: mypass) echo "### External trust store" LANG=C keytool -list -keystore /var/lib/ovirt-engine/external_truststore -v | grep -i "Signature Algorithm" #(password: changeit) 3. In RHV-M, go to Administration -> Providers -> ovirt-provider-ovn -> Edit -> Test button Actual results: The SHA1 of the CA cert is shown to the user for approval. Expected results: As the SHA1 algorithm is being deprecated, it makes sense not to use it anywhere. Additional info:
This seems related to Networking so re-assigning
Let's show the fingerprint and the algorithm of the certificate.
Verified on - rhvm-4.4.7.3-0.3.el8ev.noarch
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: RHV Manager (ovirt-engine) security update [ovirt-4.4.7]), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2865