I plan to update the koji certificate to use a well-known one
At this time, we are using a certificate from our own rpmfusion-server
CA, but it's not well suited for occasional end-users.
It's not that easy compared with other applications as many rpmfusion
services are expecting a dedicated CA passed as a parameter and do not
rely on the system ca trust store.
There are few steps to go into that direction:
Bundle rpmfusion-server ca into system root ca on affected VMs
Prepare the configuration change from ansible-infra.
Switch configurations to not rely on serverca parameters
Update rpmfusion-package not to rely on serverca parameter. (and drop
the deprecated ca parameter that was unused for client certificates).
Switch koji to use letsencrypt certificates.
Restart internal services to use the new certificates.
I'm mostly done for step1, but as a matter of delegation , I would
like someone else to do the task for step3 for rpmfusion-packager:
See also a way to bundle rpmfusion-server-ca into the sytem trust CA :
Thanks in advances.