On Wed, May 10, 2017 at 9:13 AM, Juan Hernández <jhernand@redhat.com> wrote:
On 05/10/2017 09:07 AM, Yaniv Kaul wrote:
On Wed, May 10, 2017 at 9:35 AM, Martin Perina <mperina@redhat.com <mailto:mperina@redhat.com>> wrote:
Does this mean that we need to create new CA for all existing oVirt installations which are not using custom HTTPS certificate signed by external CA?
No, just a new certificate for Engine, I believe. Y.
Probably not even for the engine, but just for the web server.
@Sandro/@Didi: do we have some documentation how to create new engine HTTPS certificate signed by oVirt internal CA with subjectAltName properly set?
On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <nsoffer@redhat.com <mailto:nsoffer@redhat.com>> wrote:
On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <danken@redhat.com <mailto:danken@redhat.com>> wrote:
On Sun, May 7, 2017 at 8:22 PM, Nir Soffer <nsoffer@redhat.com <mailto:nsoffer@redhat.com>> wrote: > I imported the certificate from my engine into chrome[1], but Chrome > refuses to use it because: > > This server could not prove that it is ...; its
security
> certificate is from [missing_subjectAltName]. > > Same certificate used to work 2 weeks ago, looks like new Chrome > version changed the rules. > > Without importing engine CA, there is no way to upload
images
> via engine. > > Tested on engine 4.1.1 and 4.1.2 on Centos 7.3. > > Is this known issue? > > [1] from > http://<engine_url>/ovirt-engine/services/pki-resource?
resource=ca-certificate&format=X509-PEM-CA
> > Nir
https://gerrit.ovirt.org/#/c/74614/ <https://gerrit.ovirt.org/#/c/74614/>
"This patch is not yet working, but can be used for
discussion."
Thanks!
Do you know how to manually fix engine certificates until we have a working patch?
Nir
_______________________________________________ Devel mailing list Devel@ovirt.org <mailto:Devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/devel <http://lists.ovirt.org/mailman/listinfo/devel>
_______________________________________________ Devel mailing list Devel@ovirt.org <mailto:Devel@ovirt.org> http://lists.ovirt.org/mailman/listinfo/devel <http://lists.ovirt.org/mailman/listinfo/devel>
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel