[ 
https://issues.apache.org/jira/browse/KNOX-3255?focusedWorklogId=1006142&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-1006142
 ]

ASF GitHub Bot logged work on KNOX-3255:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 19/Feb/26 14:24
            Start Date: 19/Feb/26 14:24
    Worklog Time Spent: 10m 
      Work Description: smolnar82 merged PR #1149:
URL: https://github.com/apache/knox/pull/1149




Issue Time Tracking
-------------------

    Worklog Id:     (was: 1006142)
    Time Spent: 0.5h  (was: 20m)

> Return signing keystore certificate when SSL is disabled in Admin API 
> publicCert endpoint
> -----------------------------------------------------------------------------------------
>
>                 Key: KNOX-3255
>                 URL: https://issues.apache.org/jira/browse/KNOX-3255
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Sandor Molnar
>            Assignee: Sandor Molnar
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> h3. Problem
> The Admin API endpoint:
> {noformat}
>  GET /knoxtopology/admin/api/v1/metadata/publicCert{noformat}
> currently returns the gateway’s public certificate chain obtained from the 
> SSL configuration. However, when SSL is disabled, no SSL certificate chain is 
> available, causing the endpoint to fail with a service unavailable response.
> This behavior prevents clients from retrieving a valid public certificate in 
> deployments where the gateway operates without HTTPS but still uses signing 
> keys (e.g., for token signing).
> h3. Proposed Improvement
> Enhance the endpoint to return an appropriate certificate chain even when SSL 
> is disabled.
> New behavior:
>  * If SSL is enabled → return the SSL public certificate chain (existing 
> behavior)
>  * If SSL is disabled → return the certificate chain associated with the 
> gateway signing key from the signing keystore
> This ensures that a meaningful public certificate is always available for 
> clients that need to verify signatures or establish trust with the gateway.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
