Merge "Revert "Point InternalTLSVncCAFile to /etc/ipa/ca.crt"" into stable/rocky
This commit is contained in:
commit
29dc880347
|
@ -97,7 +97,7 @@ parameters:
|
||||||
description: Specifies the default CA cert to use if TLS is used for
|
description: Specifies the default CA cert to use if TLS is used for
|
||||||
services in the internal network.
|
services in the internal network.
|
||||||
InternalTLSVncCAFile:
|
InternalTLSVncCAFile:
|
||||||
default: '/etc/ipa/ca.crt'
|
default: '/etc/pki/CA/certs/vnc.crt'
|
||||||
type: string
|
type: string
|
||||||
description: Specifies the CA cert to use for VNC TLS.
|
description: Specifies the CA cert to use for VNC TLS.
|
||||||
LibvirtCACert:
|
LibvirtCACert:
|
||||||
|
|
|
@ -55,7 +55,7 @@ parameters:
|
||||||
enable TLS transaport for libvirt VNC and configure the
|
enable TLS transaport for libvirt VNC and configure the
|
||||||
relevant keys for libvirt.
|
relevant keys for libvirt.
|
||||||
InternalTLSVncCAFile:
|
InternalTLSVncCAFile:
|
||||||
default: '/etc/ipa/ca.crt'
|
default: '/etc/pki/CA/certs/vnc.crt'
|
||||||
type: string
|
type: string
|
||||||
description: Specifies the CA cert to use for VNC TLS.
|
description: Specifies the CA cert to use for VNC TLS.
|
||||||
LibvirtVncCACert:
|
LibvirtVncCACert:
|
||||||
|
|
|
@ -88,7 +88,7 @@ parameters:
|
||||||
description: Specifies the default CA cert to use if TLS is used for
|
description: Specifies the default CA cert to use if TLS is used for
|
||||||
services in the internal network.
|
services in the internal network.
|
||||||
InternalTLSVncCAFile:
|
InternalTLSVncCAFile:
|
||||||
default: '/etc/ipa/ca.crt'
|
default: '/etc/pki/CA/certs/vnc.crt'
|
||||||
type: string
|
type: string
|
||||||
description: Specifies the CA cert to use for VNC TLS.
|
description: Specifies the CA cert to use for VNC TLS.
|
||||||
LibvirtCACert:
|
LibvirtCACert:
|
||||||
|
|
|
@ -56,7 +56,7 @@ parameters:
|
||||||
enable TLS transaport for libvirt VNC and configure the
|
enable TLS transaport for libvirt VNC and configure the
|
||||||
relevant keys for libvirt.
|
relevant keys for libvirt.
|
||||||
InternalTLSVncCAFile:
|
InternalTLSVncCAFile:
|
||||||
default: '/etc/ipa/ca.crt'
|
default: '/etc/pki/CA/certs/vnc.crt'
|
||||||
type: string
|
type: string
|
||||||
description: Specifies the CA cert to use for VNC TLS.
|
description: Specifies the CA cert to use for VNC TLS.
|
||||||
LibvirtVncCACert:
|
LibvirtVncCACert:
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
---
|
|
||||||
fixes:
|
|
||||||
- |
|
|
||||||
In case the freeipa CA is a sub CA of an external CA the InternalTLSVncCAFile
|
|
||||||
requrested does not have the full CA chain and only have the free IPA
|
|
||||||
CA. As a result qemu which can not verify the vnc certificate sent by
|
|
||||||
the vnc-proxy. The issue is in certmonger as it does not return the full
|
|
||||||
CA chain.
|
|
||||||
As a workaround, until certmonger is fixed, this change points the
|
|
||||||
InternalTLSVncCAFile to /etc/ipa/ca.crt which has the full CA chain.
|
|
Loading…
Reference in New Issue