josenk
commented
1 year ago Not secure to set this. I think it would be better if you use real certs on your ovf_source urls. Let's Encrypt is a possible solution.
Open hlaf opened 1 year ago
josenk
commented
1 year ago Not secure to set this. I think it would be better if you use real certs on your ovf_source urls. Let's Encrypt is a possible solution.
hlaf
commented
1 year ago I agree that this is not secure. I was misled by the use of the --noSSLVerify ovftool command-line option to build ovf_cmd, which seemed to suggest that SSL verification was to be skipped both for the destination and source connections. It seems that more recent versions of ovftool now have --noSourceSSLVerify and --noDestinationSSLVerify options to support use cases such as this one.
Enables the use of an ovf_source with a self-signed certificate and ensures consistency with the use of ovftool's '--noSSLVerify' option.