Pulp

This should be done in a Y release and a release note added that certificates may need to be regenerated to use a FQDN and any pulp-admin clients should adjust their admin.conf to use the FQDN.

After some discussion, the change to pulp-gen-ca-certificate should not present any backwards compatibility issues because its a self-signed CA cert. It's also not used to sign the httpd certs.

On 05/04/2015 03:04 PM, Pulp wrote:

This should be done in a Y release and a release note added that
certificates may need to be regenerated to use a FQDN.

Alternatively, users who are affected should be able to configure
admin.conf to use the hostname that they had been using before to avoid
regenerating the SSL certificates. This may be worth mentioning in the
release notes as well.

There is not currently a good way to see what the default hostname is set to. However, if you modify the client config (/etc/pulp/admin/admin.conf) and set 'host' in 'server' section to 'localhost' then you will get a mismatch between the hostname in the CA and the host that the client is trying to connect to. So then when you attempt to login using pulp-admin you will get a message similar to

The server hostname configured on the client did not match the name found in the
server's SSL certificate. The client attempted to connect to [localhost] but the
server returned [dev.example.com] as its hostname. The expected hostname can be changed in
the client configuration file.

The server should always return the same thing as the output of following command:

hostname -f

This should be tested on multiple operating systems.

Pulp 2 is approaching maintenance mode, and this Pulp 2 ticket is not being actively worked on. As such, it is being closed as WONTFIX. Pulp 2 is still accepting contributions though, so if you want to contribute a fix for this ticket, please reopen or comment on it. If you don't have permissions to reopen this ticket, or you want to discuss an issue, please reach out via the developer mailing list.