11 lines
482 B
YAML
11 lines
482 B
YAML
---
|
|
fixes:
|
|
- |
|
|
In case the freeipa CA is a sub CA of an external CA the InternalTLSVncCAFile
|
|
requrested does not have the full CA chain and only have the free IPA
|
|
CA. As a result qemu which can not verify the vnc certificate sent by
|
|
the vnc-proxy. The issue is in certmonger as it does not return the full
|
|
CA chain.
|
|
As a workaround, until certmonger is fixed, this change points the
|
|
InternalTLSVncCAFile to /etc/ipa/ca.crt which has the full CA chain.
|