Martin Peřina has submitted this change and it was merged. Change subject: aaa: engine doesn't trust externally-issued web certificate ...................................................................... aaa: engine doesn't trust externally-issued web certificate Engine should use configurable trustore for communication with sso module. New config variables have been added to pki conf file to let the user set custom trustsore for SSO<->Engine SSL communication. If the admin sets up custom apache certificates and loads the certificate into system wide trust store, the admin can add a new conf file to point the ENGINE_HTTPS_PKI_TRUST_STORE and ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD to the system truststore's location and password. Change-Id: I35788dea6fff2f4bf4b554f4457591c29db057ed Bug-Url: https://bugzilla.redhat.com/1336838 Signed-off-by: Ravi Nori <rnori@redhat.com> --- M backend/manager/modules/aaa/src/main/java/org/ovirt/engine/core/aaa/SsoOAuthServiceUtils.java M backend/manager/modules/enginesso/src/main/java/org/ovirt/engine/core/sso/utils/SsoUtils.java M packaging/services/ovirt-engine/ovirt-engine.conf.in M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/ca.py M packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/sso.py 5 files changed, 15 insertions(+), 21 deletions(-) Approvals: Sandro Bonazzola: Looks good to me, approved Martin Peřina: Looks good to me, but someone else must approve Ravi Nori: Verified Jenkins CI: Passed CI tests -- To view, visit https://gerrit.ovirt.org/57812 To unsubscribe, visit https://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I35788dea6fff2f4bf4b554f4457591c29db057ed Gerrit-PatchSet: 6 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: Jenkins CI Gerrit-Reviewer: Martin Peřina <mperina@redhat.com> Gerrit-Reviewer: Moti Asayag <masayag@redhat.com> Gerrit-Reviewer: Oved Ourfali <oourfali@redhat.com> Gerrit-Reviewer: Ravi Nori <rnori@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbonazzo@redhat.com> Gerrit-Reviewer: Simone Tiraboschi <stirabos@redhat.com> Gerrit-Reviewer: Yedidyah Bar David <didi@redhat.com> Gerrit-Reviewer: gerrit-hooks <automation@ovirt.org>