Sandor Molnar created KNOX-3255:
-----------------------------------
Summary: Return signing keystore certificate when SSL is disabled in Admin API publicCert endpoint
Key: KNOX-3255
URL: https://issues.apache.org/jira/browse/KNOX-3255
Project: Apache Knox
Issue Type: Improvement
Reporter: Sandor Molnar
Assignee: Sandor Molnar
h3. Problem
The Admin API endpoint:
{{GET /knoxtopology/admin/api/v1/metadata/publicCert}}
currently returns the gateway’s public certificate chain obtained from the SSL
configuration. However, when SSL is disabled, no SSL certificate chain is
available, causing the endpoint to fail with a service unavailable response.
This behavior prevents clients from retrieving a valid public certificate in
deployments where the gateway operates without HTTPS but still uses signing
keys (e.g., for token signing).
h3. Proposed Improvement
Enhance the endpoint to return an appropriate certificate chain even when SSL
is disabled.
New behavior:
* If SSL is enabled → return the SSL public certificate chain (existing
behavior)
* If SSL is disabled → return the certificate chain associated with the
gateway signing key from the signing keystore
This ensures that a meaningful public certificate is always available for
clients that need to verify signatures or establish trust with the gateway.