<div dir="ltr"><div class="gmail_quote"><div dir="ltr">On Wed, May 10, 2017 at 9:35 AM Martin Perina <<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Does this mean that we need to create new CA for all existing oVirt installations which are not using custom HTTPS certificate signed by external CA?<br></div></div></blockquote><div><br></div><div>This seems to be the case, Chrome is rejecting the old certificate.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"></div><div class="gmail_extra"><br><div class="gmail_quote"></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <span dir="ltr"><<a href="mailto:nsoffer@redhat.com" target="_blank">nsoffer@redhat.com</a>></span> wrote:<br></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div dir="ltr">On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <<a href="mailto:danken@redhat.com" target="_blank">danken@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Sun, May 7, 2017 at 8:22 PM, Nir Soffer <<a href="mailto:nsoffer@redhat.com" target="_blank">nsoffer@redhat.com</a>> wrote:<br>
> I imported the certificate from my engine into chrome[1], but Chrome<br>
> refuses to use it because:<br>
><br>
> This server could not prove that it is ...; its security<br>
> certificate is from [missing_subjectAltName].<br>
><br>
> Same certificate used to work 2 weeks ago, looks like new Chrome<br>
> version changed the rules.<br>
><br>
> Without importing engine CA, there is no way to upload images<br>
> via engine.<br>
><br>
> Tested on engine 4.1.1 and 4.1.2 on Centos 7.3.<br>
><br>
> Is this known issue?<br>
><br>
> [1] from<br>
> http://<engine_url>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA<br>
><br>
> Nir<br>
<br>
<a href="https://gerrit.ovirt.org/#/c/74614/" rel="noreferrer" target="_blank">https://gerrit.ovirt.org/#/c/74614/</a><br>
<br>
"This patch is not yet working, but can be used for discussion."<br></blockquote><div><br></div><div>Thanks!</div><div><br></div><div>Do you know how to manually fix engine certificates until we have a working</div><div>patch?</div><span class="m_-1849309025364466414HOEnZb"><font color="#888888"><div><br></div><div>Nir</div></font></span></div></div>
<br></blockquote></div></div></div><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
Devel mailing list<br>
<a href="mailto:Devel@ovirt.org" target="_blank">Devel@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/devel" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/devel</a><br></blockquote></div><br></div></div>
</blockquote></div></div>