2:06 p.m.
On Wed, May 10, 2017 at 9:13 AM, Juan Hernández <jhernand(a)redhat.com> wrote:
On 05/10/2017 09:07 AM, Yaniv Kaul wrote:
>
>
> On Wed, May 10, 2017 at 9:35 AM, Martin Perina <mperina(a)redhat.com
> <mailto:mperina@redhat.com>> wrote:
>
> Does this mean that we need to create new CA for all existing oVirt
> installations which are not using custom HTTPS certificate signed by
> external CA?
>
>
> No, just a new certificate for Engine, I believe.
> Y.
>
Probably not even for the engine, but just for the web server.
@Sandro/@Didi: do we
have some documentation how to create new engine HTTPS certificate signed
by oVirt internal CA with subjectAltName properly set?
>
> On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <nsoffer(a)redhat.com
> <mailto:nsoffer@redhat.com>> wrote:
>
> On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <danken(a)redhat.com
> <mailto:danken@redhat.com>> wrote:
>
> On Sun, May 7, 2017 at 8:22 PM, Nir Soffer
> <nsoffer(a)redhat.com <mailto:nsoffer@redhat.com>> wrote:
> > I imported the certificate from my engine into chrome[1],
> but Chrome
> > refuses to use it because:
> >
> > This server could not prove that it is ...; its
security
> > certificate is from [missing_subjectAltName].
> >
> > Same certificate used to work 2 weeks ago, looks like new
> Chrome
> > version changed the rules.
> >
> > Without importing engine CA, there is no way to upload
images
> > via engine.
> >
> > Tested on engine 4.1.1 and 4.1.2 on Centos 7.3.
> >
> > Is this known issue?
> >
> > [1] from
> >
> http://<engine_url>/ovirt-engine/services/pki-resource?
resource=ca-certificate&format=X509-PEM-CA
> >
> > Nir
>
> https://gerrit.ovirt.org/#/c/74614/
> <https://gerrit.ovirt.org/#/c/74614/>
>
> "This patch is not yet working, but can be used for
discussion."
>
>
> Thanks!
>
> Do you know how to manually fix engine certificates until we
> have a working
> patch?
>
> Nir
>
> _______________________________________________
> Devel mailing list
> Devel(a)ovirt.org <mailto:Devel@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/devel
> <http://lists.ovirt.org/mailman/listinfo/devel>
>
>
>
> _______________________________________________
> Devel mailing list
> Devel(a)ovirt.org <mailto:Devel@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/devel
> <http://lists.ovirt.org/mailman/listinfo/devel>
>
>
>
>
> _______________________________________________
> Devel mailing list
> Devel(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
>