Closed jefflill closed 3 years ago
Hmmm: I just manually SSH'ed into my XCP-ng server and was able to download our XVA file via wget
and curl
without an issue. So this isn't a Linux certificates issue.
Citrix seems to be following this but nothing appears to be happening as of April 2020:
https://github.com/xcp-ng/xcp/issues/318
One workaround inspired by @marcusbooyah would be to start a very small VM on the XCP host that downloads the template via HTTPS and then have the host pull from the VM. This could also be used for assembling a multi-part template as well getting us past the GitHub release artifact 2GB limit.
XCP-ng Center ships with a Windows xe.exe client and that makes it possible to push/pull images from/to the Windows workstation. It even works with gzipped files!
Doing this will work around the lack of HTTPS support in XenServer. We'll track the implementation in #1130 and close this issue.
XenServer/XCP-ng don't allow VM template downloading via HTTPS. This is a security issue because it could be possible for a man-in-the-middle to substitute a different image.
Perhaps this is a Linux thing we could fix by installing or updating certificates on the Xen host machine.