Comment 2 for bug 1828470

To retrieve ceph-mgr restful plugin self-signed certificate:

  openssl x509 -in <(openssl s_client -connect controller-0:5001 -prexit 2>/dev/null) > ceph-restful.pem

However the the certificate is bound to 'ceph-restful' host:

  curl --cacert ceph-restful.pem https://controller:5001

fails so a host alias needs to be defined:

  sudo sed -i 's/\(\w\+\s\+controller\)\s*$/\1\tceph-restful/' /etc/hosts

and now (note the new host name):

  curl --cacert ceph-restful.pem https://ceph-restful:5001

is successful.

Another approach is to generate a certificate and configure ceph-mgr restful plugin to use that certificate instead of generating it. But then we need to manage that certificate and make it available on both controllers.