[jira] [Work logged] (KNOX-3255) Return signing keystore certificate when SSL is disabled in Admin API publicCert endpoint

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-3255?focusedWorklogId=1006065&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1006065
 ]

ASF GitHub Bot logged work on KNOX-3255:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 19/Feb/26 10:26
            Start Date: 19/Feb/26 10:26
    Worklog Time Spent: 10m 
      Work Description: github-actions[bot] commented on PR #1149:
URL: https://github.com/apache/knox/pull/1149#issuecomment-3926269681

   ## Test Results
   7 tests   7 ✅  1s ⏱️
   1 suites  0 💤
   1 files    0 ❌
   
   Results for commit 795fc324.
   
   
[test-results]:data:application/gzip;base64,H4sIAD/llmkC/1WMyw6CMBBFf4V07aKP0Tr+jGlamkwEavpYEf/dgoBld8+5yZmZp6FP7NGJS8dSoXyAK9FkCtOG9cjLpff9TMXas3jRuwp+CG9oOIk+xhA3E8u095bZ5n78r63cxFZuWzaMI+UKTOPVWyXBgPCOOw3Ib4h3abRADw4kaqWAA/t8AcPLSJ77AAAA
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 1006065)
    Time Spent: 20m  (was: 10m)

> Return signing keystore certificate when SSL is disabled in Admin API 
> publicCert endpoint
> -----------------------------------------------------------------------------------------
>
>                 Key: KNOX-3255
>                 URL: https://issues.apache.org/jira/browse/KNOX-3255
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> h3. Problem
> The Admin API endpoint:
> {noformat}
>  GET /knoxtopology/admin/api/v1/metadata/publicCert{noformat}
> currently returns the gateway’s public certificate chain obtained from the 
> SSL configuration. However, when SSL is disabled, no SSL certificate chain is 
> available, causing the endpoint to fail with a service unavailable response.
> This behavior prevents clients from retrieving a valid public certificate in 
> deployments where the gateway operates without HTTPS but still uses signing 
> keys (e.g., for token signing).
> h3. Proposed Improvement
> Enhance the endpoint to return an appropriate certificate chain even when SSL 
> is disabled.
> New behavior:
>  * If SSL is enabled → return the SSL public certificate chain (existing 
> behavior)
>  * If SSL is disabled → return the certificate chain associated with the 
> gateway signing key from the signing keystore
> This ensures that a meaningful public certificate is always available for 
> clients that need to verify signatures or establish trust with the gateway.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)