Re: [ovirt-devel] [missing_subjectAltName] in engine ca certificate?

On Wed, May 10, 2017 at 9:35 AM, Martin Perina <mperina(a)redhat.com <mailto:mperina@redhat.com>> wrote: Does this mean that we need to create new CA for all existing oVirt installations which are not using custom HTTPS certificate signed by external CA? No, just a new certificate for Engine, I believe. Y.

On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <nsoffer(a)redhat.com <mailto:nsoffer@redhat.com>> wrote: On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <danken(a)redhat.com <mailto:danken@redhat.com>> wrote: On Sun, May 7, 2017 at 8:22 PM, Nir Soffer <nsoffer(a)redhat.com <mailto:nsoffer@redhat.com>> wrote: > I imported the certificate from my engine into chrome[1], but Chrome > refuses to use it because: > > This server could not prove that it is ...; its security > certificate is from [missing_subjectAltName]. > > Same certificate used to work 2 weeks ago, looks like new Chrome > version changed the rules. > > Without importing engine CA, there is no way to upload images > via engine. > > Tested on engine 4.1.1 and 4.1.2 on Centos 7.3. > > Is this known issue? > > [1] from > http://<engine_url>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA > > Nir https://gerrit.ovirt.org/#/c/74614/ <https://gerrit.ovirt.org/#/c/74614/> "This patch is not yet working, but can be used for discussion." Thanks! Do you know how to manually fix engine certificates until we have a working patch? Nir _______________________________________________ Devel mailing list Devel(a)ovirt.org <mailto:Devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/devel <http://lists.ovirt.org/mailman/listinfo/devel> _______________________________________________ Devel mailing list Devel(a)ovirt.org <mailto:Devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/devel <http://lists.ovirt.org/mailman/listinfo/devel> _______________________________________________ Devel mailing list Devel(a)ovirt.org http://lists.ovirt.org/mailman/listinfo/devel