cfy_manager configure will always use internal ca to configure cli

[longtian]

version: 6.4.0

steps to reproduce:

1. install cloudify
2. copy certificates I got from ACME to /home/centos/certs
3. update ssl_input and manager in /etc/cloudify/config.yaml
4. cfy_manager configure

cfy_manager configure will fail

Error Message

2023-04-08 11:41:27,371 - [CLI] - NOTICE - Configuring Cloudify CLI...
2023-04-08 11:41:27,371 - [CLI] - INFO - Setting CLI for the root user...

2023-04-08 11:41:27,371 - [MAIN] - ERROR - ProcessExecutionError: Failed running command: ['cfy', 'profiles', 'set', '-m', 'example.com', '-t', 'default_tenant', '-u', 'admin', '-c', '/etc/cloudify/ssl/cloudify_internal_ca_cert.pem', '--ssl', 'on'] ().
ProcessExecutionError: Failed running command: ['cfy', 'profiles', 'set', '-m', 'example.com', '-t', 'default_tenant', '-u', 'admin', '-c', '/etc/cloudify/ssl/cloudify_internal_ca_cert.pem', '--ssl', 'on'] ().

Config File

manager:
  cli_local_profile_host_name: 'example.com'

ssl_inputs:
  external_cert_path: '/home/centos/certs/certificate.crt'
  external_key_path: '/home/centos/certs/private.key'
  external_ca_cert_path: '/home/centos/certs/ca_bundle.crt'

Analysis

the problem is with

https://github.com/cloudify-cosmo/cloudify-manager-install/blob/6.4.0/cfy_manager/components/cli/cli.py#L71

if config[MANAGER][SECURITY]['ssl_enabled']:
  set_cmd += ['-c', CA_CERT_PATH, '--ssl', 'on']
else:
  set_cmd += ['--ssl', 'off']

this logic can be improved like

if config[MANAGER][SECURITY]['ssl_enabled']:
   if  config[SSL_INPUTS]['external_cert_path'] != '':
     set_cmd += ['-c', CA_CERT_PATH, '--ssl', 'on']
   else:
     set_cmd += ['-c', EXTERNAL_CA_CERT_PATH , '--ssl', 'on']
else:
    set_cmd += ['--ssl', 'off']