Task
Resolution: Done
sat-rocket
Satellite Rocket Sprint 15
After the changes in https://github.com/theforeman/foreman_kubevirt/pull/180 it's not possible anymore to connect to OCP-V instances with self-signed certs without manually fetching those certs and providing them to Satellite.
While secure, this is cumbersome for the user.
Let's find a better flow that keeps it secure while also making it easier for the user.
Looking at the other CRs we have (VMware, OpenStack – I don't expect to have to provide custom certs for GCE/EC2/Azure), we see:
- OpenStack: no way to provide a cert; if the OS doesn't trust it, there is no way to connect.
- VMware: when setting up the CR, the "fingerprint" is populated on first use via https://github.com/theforeman/foreman/blob/f1888ba68408e4553ed288f0a8e17c2f9c885422/app/models/compute_resources/foreman/model/vmware.rb#L778-L783
Should we do something similar (cert offered on first connection is trusted) for OCP-V?
What about OpenStack?
- informs: SAT-42260 Trust on first use (TOFU) when configuring OCP-V ComputeResources (New)
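
The first-use flow the ticket asks about, as an added Ruby example (not Foreman or foreman_kubevirt code): the SHA-256 fingerprint of the certificate seen on the first connection is pinned, and a later change of certificate is rejected. `TofuStore`, `self_signed`, `demo` and the endpoint name are hypothetical, and the certificates are constructed in-process so the example runs offline.

```ruby
require 'openssl'

# Hypothetical in-memory pin store; a real one would persist the pin.
class TofuStore
  class Mismatch < StandardError; end

  def initialize
    @pins = {} # "host:port" => hex SHA-256 of the certificate's DER encoding
  end

  def self.fingerprint(cert)
    OpenSSL::Digest.new('SHA256').hexdigest(cert.to_der)
  end

  # Returns :pinned on first use and :match while the same certificate is
  # presented; raises Mismatch if the endpoint presents a different one.
  def check(endpoint, cert)
    seen = self.class.fingerprint(cert)
    unless @pins.key?(endpoint)
      @pins[endpoint] = seen
      return :pinned
    end
    return :match if @pins[endpoint] == seen
    raise Mismatch, "#{endpoint}: pinned #{@pins[endpoint]}, got #{seen}"
  end
end

# Constructed self-signed certificate standing in for what a server presents.
def self_signed(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

def demo
  store = TofuStore.new
  endpoint = 'ocpv.example.test:6443' # constructed endpoint name
  original = self_signed('ocpv.example.test')
  replaced = self_signed('ocpv.example.test') # same name, different key
  results = [store.check(endpoint, original), store.check(endpoint, original)]
  store.check(endpoint, replaced)
rescue TofuStore::Mismatch
  results << :rejected
end
```

The first connection is itself unauthenticated, so showing the pinned fingerprint to the user for out-of-band confirmation is what keeps the flow secure.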