Piotr Kliczewski has submitted this change and it was merged. Change subject: aaa: engine doesn't trust externally-issued web certificate ...................................................................... aaa: engine doesn't trust externally-issued web certificate Engine should use configurable trustore for communication with sso module. New config variables have been added to pki conf file to let the user set custom trustsore for SSO<->Engine SSL communication. If the admin sets up custom apache certificates and loads the certificate into system wide trust store, the admin can add a new conf file to point the ENGINE_HTTPS_PKI_TRUST_STORE and ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD to the system truststore's location and password. Change-Id: I35788dea6fff2f4bf4b554f4457591c29db057ed Bug-Url: https://bugzilla.redhat.com/1336838 Signed-off-by: Ravi Nori <rnori@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoOAuthServiceUtils.java M backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SsoUtils.java M packaging/services/ovirt-engine/ovirt-engine.conf.in M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/ca.py M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/sso.py 5 files changed, 15 insertions(+), 21 deletions(-) Approvals: Martin Peřina: Verified; Passed CI tests Moti Asayag: Looks good to me, approved -- To view, visit https://gerrit.ovirt.org/58322 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I35788dea6fff2f4bf4b554f4457591c29db057ed Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine Gerrit-Branch: ovirt-engine-4.0 Gerrit-Owner: Martin Peřina <mperina@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Martin Peřina <mperina@redhat.com> Gerrit-Reviewer: Moti Asayag <masayag@redhat.com> Gerrit-Reviewer: Piotr Kliczewski <piotr.kliczewski@gmail.com> Gerrit-Reviewer: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>