I'm trying to add an oVirt compute resource and TLS is being it's usual
pain.
When adding it I get the error:
ERF56-1309 [Foreman::FingerprintException]: The remote system presented a
public key signed by an unidentified certificate authority. If you are sure
the remote system is authentic, go to the compute resource edit page, press
the 'Test Connection' or 'Load Datacenters' button and submit
It continues to give me that error always despite doing what it suggests.
If I switch to plain http it all works, and I can communicate with the API
over https and curl, so this must be purely a cert issue between foreman
and ovirt.
Googling around, I found a few reasons for this, but in my case it's simply
that I have a self-signed certificate and what I want is Foreman to just
accept it.
Attempted fixes:
Just re-submitting the form doesn't work, though foreman implies it
should.
I verified curl gives me the same error when accessing the oVirt API.
Then I extracted the cert with openssl s_client -connect host:443
-showcerts and added this to the ca-bundle.crt. Now curl stopped
complaining, so I'm assuming my CA is now trusted. But Foreman still
complains. Does it use something other than than the system CA bundle?
I tried pasting the cert in the text field in the compute resource page.
This does nothing. If I hit submit I just have the same error and the
default cert has re-appeared in the field.
···
On Monday, June 27, 2016, barnyard_owl_feeder wrote:
I’m trying to add an oVirt compute resource and TLS is being it’s usual
pain.
When adding it I get the error:
ERF56-1309 [Foreman::FingerprintException]: The remote system presented a
public key signed by an unidentified certificate authority. If you are sure
the remote system is authentic, go to the compute resource edit page, press
the ‘Test Connection’ or ‘Load Datacenters’ button and submit
It continues to give me that error always despite doing what it suggests.
If I switch to plain http it all works, and I can communicate with the API
over https and curl, so this must be purely a cert issue between foreman
and ovirt.
Googling around, I found a few reasons for this, but in my case it’s
simply that I have a self-signed certificate and what I want is Foreman to
just accept it.
Attempted fixes:
Just re-submitting the form doesn’t work, though foreman implies it
should.
I verified curl gives me the same error when accessing the oVirt API.
Then I extracted the cert with openssl s_client -connect host:443
-showcerts and added this to the ca-bundle.crt. Now curl stopped
complaining, so I’m assuming my CA is now trusted. But Foreman still
complains. Does it use something other than than the system CA bundle?
I tried pasting the cert in the text field in the compute resource
page. This does nothing. If I hit submit I just have the same error and the
default cert has re-appeared in the field.
