-
Bug
-
Resolution: Done
-
Critical
-
RHOAI_2.8.0_GA
-
False
-
-
False
-
Release Notes
-
RHOAISTRAT-60 - Support for Self-Signed Certificates in RHOAI deployments
-
No
-
-
Known Issue
-
Done
-
No
-
-
-
RHOAI IDE 2.9-extended, RHOAI IDE - Ankara
-
Testable
With current RHOAI 2.8RC1 build, there is supposed to be possible to define custom certificate to be used for network communication on one place and use it everywhere for all RHOAI components. E.g. when having some internal service which uses self-signed certificate (e.g. local minion instance, etc.), I can configure it on one place and this is then used elsewhere for RHOAI.
Certificate definition via DSCI configuration works just fine for case of workbenches. Also the certificate bundle is mounted to the workbench as expected:
(app-root) (app-root) ls -l /etc/pki/tls/certs/ total 224 lrwxrwxrwx. 1 root root 49 Aug 29 2023 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem lrwxrwxrwx. 1 root root 55 Aug 29 2023 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt -rw-r--r--. 1 root 1000720000 222082 Mar 8 16:10 custom-ca-bundle.crt -rw-r--r--. 1 root 1000720000 1119 Mar 8 16:10 custom-odh-ca-bundle.crt
But the problem is that since it's not on the standard system path from which the tooling reads CA certs, this bundle is simply ignored by all the tooling unless we override the default setting of the tool. For example for the curl command we need to use `--cacert` flag pointing to the `/etc/pki/tls/certs/custom-odh-ca-bundle.crt` to be able to connect with the peer over HTTPS with self-signed certificate.
In general, this means that for the regular user, there is not much change in behavior with current situation (to overcome problems with connection to peers with self-signed certs) to what was before this release.
- clones
-
RHOAIENG-4327 [2.8.1] The custom CA certificate bundle isn't grabbed by default in workbench
- Closed
- is related to
-
RHOAISTRAT-28 Support for product capabilities in a disconnected environment
- In Progress