@amessina Well, if you are setting up the web interface, you likely already have your own ca ? I'm not sure having a default self signed one makes too much sense...
@kevin I have been running the web interface for a number of years with a public cert (LetsEncrypt). Since Fedora 14, I had used a Kerberos-enabled Koji infrastructure rather than one based on certificates so I only needed the cert for the public interfaces (web, kojihub, etc.)
I'm just noting that KojiHubCA wasn't required before (even when using TLS) and now it is.
This update has been submitted for testing by kevin.
This update's test gating status has been changed to 'ignored'.
This update's test gating status has been changed to 'waiting'.
This update's test gating status has been changed to 'ignored'.
This update has been pushed to testing.
Generally functional, but is seems now that the web.conf
KojiHubCA
option is now required after: https://pagure.io/koji/c/74061d5d710155c0888c155df0ac3c0c40a96d41?branch=masterMaybe a sane default if not provided, like
/etc/pki/tls/cert.pem
would be nice.This update can be pushed to stable now if the maintainer wishes
works for me
This update has been submitted for stable by bodhi.
@amessina Well, if you are setting up the web interface, you likely already have your own ca ? I'm not sure having a default self signed one makes too much sense...
@kevin I have been running the web interface for a number of years with a public cert (LetsEncrypt). Since Fedora 14, I had used a Kerberos-enabled Koji infrastructure rather than one based on certificates so I only needed the cert for the public interfaces (web, kojihub, etc.)
I'm just noting that
KojiHubCA
wasn't required before (even when using TLS) and now it is.This update has been pushed to stable.