<p dir="ltr">If I have two CAs both claiming to be the root CA for a given Domain, essentially both claiming to be the same CA, this won't cause issues with communication between the engine and the two hosts? Does the CA used for communication between the hosts and the engine only exist in some protected trust store that is the only consulted source for this communication?<br></p>
<p dir="ltr">Thanks, Josh</p>
<br><div class="gmail_quote"><div dir="ltr">On Thu, Sep 29, 2016, 6:53 AM Martin Perina <<a href="mailto:mperina@redhat.com">mperina@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Hi,<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">by default engine uses its own CA to sign certificates for HTTPS access and for engine-host communications. You can use your own CA only for HTTS certification.<br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">So if you are using oVirt 4.0 and you want to start to use custom CA for HTTPS certificates please take a look at Doc Text in:<br><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1336838" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1336838</a><br><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1313379" target="_blank">https://bugzilla.redhat.com/show_bug.cgi?id=1313379</a><br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">@Didi, are there any other steps required for hosted engine regarding custom CA?<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Thanks<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif">Martin Perina<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div></div><div class="gmail_extra"><br><div class="gmail_quote"></div></div><div class="gmail_extra"><div class="gmail_quote">On Wed, Sep 28, 2016 at 1:07 PM, Joshua Doll <span dir="ltr"><<a href="mailto:joshua.doll@gmail.com" target="_blank">joshua.doll@gmail.com</a>></span> wrote:<br></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Hi, I have a two node cluster running a hosted-engine setup. I have stood up an enterprise CA and would like to replace the ovirt self signed certificates. I can't find a list of all the certificates online. Is there a list, or can someone point me in the right direction? <br><br></div>Thanks, Josh<br></div>
<br></blockquote></div></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div>
</blockquote></div>