Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 2397793

Summary: [RFE] Cephadm. CertMGR promote to GA
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: daniel parkes <dparkes>
Component: CephadmAssignee: Redouane Kachach Elhichou <rkachach>
Status: CLOSED ERRATA QA Contact: Sayalee <saraut>
Severity: medium Docs Contact: Rivka Pollack <rpollack>
Priority: unspecified    
Version: 9.0CC: cephqe-warriors, jcaratza, mobisht, rkachach, rpollack, saraut
Target Milestone: ---Keywords: FutureFeature
Target Release: 9.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-20.1.0-14 Doc Type: Enhancement
Doc Text:
​​​​​​.​​​​​​New Cephadm certificate lifecycle management for improved Ceph cluster security​​​​ Cephadm certificate lifecycle management was previously available as limited release. This enhancement provides full availability for new and existing customers in production environments. ​​​​​​ ​​​​​​With this enhancement, Cephadm now has certificate lifecycle management in the certmgr subsystem. This feature provides a unified mechanism to provision, rotate, and apply TLS certificates for Ceph services, supporting both user-provided and automatically generated cephadm-signed certificates. As part of this feature, certmgr periodically checks the status of all certificates managed by Cephadm and issues health warnings for any that are nearing expiration, misconfigured, or invalid. This improves Ceph cluster security and simplifies certificate management through automation and proactive alerts.​​​​
 Story Points: ---
Clone Of: Environment:
Last Closed: 2026-01-29 06:59:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2388233    

Description daniel parkes 2025-09-24 13:26:19 UTC 
Our goal is to promote to GA the Certmgr:

Cephadm certmgr acts as the Root Certificate Authority (CA) for all self-signed certificates generated by Cephadm. For services that require SSL, admins have the option to either bring their own certificate or allow Cephadm to generate a self-signed certificate. This ensures secure communication while offering flexibility for deployment preferences.

Details:

https://docs.ceph.com/en/latest/cephadm/certmgr/

Upstream PR: https://github.com/ceph/ceph/pull/62106
Comment 8 errata-xmlrpc 2026-01-29 06:59:47 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 9.0 Security and Enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2026:1536