From: Martin Koch Date: Tue, 30 Sep 2025 12:58:52 +0000 (+0200) Subject: doc/mgr/dashboard: add note that only RSA keys are supported for TLS X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F65731%2Fhead;p=ceph.git doc/mgr/dashboard: add note that only RSA keys are supported for TLS The dashboard module fails to start when configured with ECDSA/EC private keys due to pyOpenSSL limitations ("key type unsupported"). Add a note to the SSL/TLS documentation advising users to use RSA keys until ECDSA is supported. References: https://tracker.ceph.com/issues/73324 Signed-off-by: Martin Koch --- diff --git a/doc/mgr/dashboard.rst b/doc/mgr/dashboard.rst index 2244e79e3af3..ca8ccff886ce 100644 --- a/doc/mgr/dashboard.rst +++ b/doc/mgr/dashboard.rst @@ -244,6 +244,19 @@ For example, a key pair can be generated with a command similar to: -subj "/O=IT/CN=ceph-mgr-dashboard" -days 3650 \ -keyout dashboard.key -out dashboard.crt -extensions v3_ca +.. note:: + + Currently, the Ceph Dashboard supports only RSA private keys for SSL/TLS + certificates. If you attempt to configure the dashboard with an ECDSA/EC + key, the module will fail to start with an error similar to: + + ``MGR_MODULE_ERROR: Module 'dashboard' has failed: key type unsupported`` + + This limitation exists because the verification routine in the Ceph Manager + uses pyOpenSSL, which supports only RSA keys in its + ``PKey.check()`` method. Until this restriction is lifted, generate or + request certificates with RSA keys. + The ``dashboard.crt`` file should then be signed by a CA. Once that is done, you can enable it for Ceph manager instances by running the following commands: