[
https://issues.apache.org/jira/browse/KNOX-3255?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sandor Molnar resolved KNOX-3255.
---------------------------------
Fix Version/s: 3.0.0
Resolution: Fixed
> Return signing keystore certificate when SSL is disabled in Admin API
> publicCert endpoint
> -----------------------------------------------------------------------------------------
>
> Key: KNOX-3255
> URL: https://issues.apache.org/jira/browse/KNOX-3255
> Project: Apache Knox
> Issue Type: Improvement
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Major
> Fix For: 3.0.0
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> h3. Problem
> The Admin API endpoint:
> {noformat}
> GET /knoxtopology/admin/api/v1/metadata/publicCert
> {noformat}
> currently returns the gateway’s public certificate chain obtained from the
> SSL configuration. However, when SSL is disabled, no SSL certificate chain is
> available, causing the endpoint to fail with a service unavailable response.
> This behavior prevents clients from retrieving a valid public certificate in
> deployments where the gateway operates without HTTPS but still uses signing
> keys (e.g., for token signing).
> h3. Proposed Improvement
> Enhance the endpoint to return an appropriate certificate chain even when SSL
> is disabled.
> New behavior:
> * If SSL is enabled → return the SSL public certificate chain (existing
> behavior)
> * If SSL is disabled → return the certificate chain associated with the
> gateway signing key from the signing keystore
> This ensures that a meaningful public certificate is always available for
> clients that need to verify signatures or establish trust with the gateway.