  1. Ansible Automation Platform RFEs
  2. AAPRFE-1537

[RFE] Ability to configure TLS certificates generated by external CA for receptor communication


    • Feature Request
    • Resolution: Unresolved
    • 2.4

      1. What is the nature and description of the request?

      Currently, it is not possible to configure custom TLS certs generated by an external CA for the receptor through the installer.

      However, there is a supported way to handle this situation using the variables mentioned below:
      [all:vars]
      mesh_ca_keyfile=/tmp/<mesh_CA>.key
      mesh_ca_certfile=/tmp/<mesh_CA>.crt
      Doc - https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.4/html-single/red_hat_ansible_automation_platform_automation_mesh_guide_for_vm-based_installations/index#importing-mesh-ca_setting-up

      However, in most cases, the CA authority would never share the private key of their CA, which is completely valid.

      2. Why does the customer need this? (List the business requirements here)

      Security reasons: security scanners detect that self-signed certs are configured for port 27199.

      3. How would you like to achieve this? (List the functional requirements here)

      By having an option to configure custom TLS certs generated by an external CA.

       

            rhn-sa-pgriffiths Phil Griffiths
            rhn-support-ahuchcha Amar Huchchanavar