<div dir="ltr">

<div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Hi,</div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> </div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">I setup an hyperconverged solution with 3 nodes, hosted engine on glusterfs.</div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">We run this setup in a PCI-DSS environment. According to PCI-DSS requirements, we are required to reduce the validity of any certificate under 39 months.</div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> </div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">I saw in this link <a href="https://www.ovirt.org/develop/release-management/features/infra/pki/" target="_blank" rel="noopener" style="outline:none;color:rgb(65,120,190)">https://www.ovirt.org/develop/release-management/features/infra/pki/</a> that i can use the option VdsCertificateValidityInYears at engine-config.</div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> </div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">I&#39;m running ovirt engine 4.2.1 and i checked when i was on 4.2 how to edit the option with engine-config --all and engine-config --list but the option is not listed</div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> </div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Am i missing something ?</div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"> </div><div dir="ltr" style="outline:none;color:rgb(18,18,18);font-family:Arial,Helvetica,sans-serif;font-size:14px;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">I thing i can regenerate a VDSM certificate with openssl and the CA conf in /etc/pki/ovirt-engine on the hosted-engine but i would rather modifiy the option for future host that I will add.</div>

<div><br></div>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">-------------------------------------<br>PAINT-KOUI Punaatua<br></div>
</div>