On 05/10/2017 09:07 AM, Yaniv Kaul wrote:
>
>
> On Wed, May 10, 2017 at 9:35 AM, Martin Perina <mperina@redhat.com
> <mailto:mperina@redhat.com>> wrote:
>
> Does this mean that we need to create new CA for all existing oVirt
> installations which are not using custom HTTPS certificate signed by
> external CA?
>
>
> No, just a new certificate for Engine, I believe.
> Y.
>
Probably not even for the engine, but just for the web server.
>
> On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <nsoffer@redhat.com
> <mailto:nsoffer@redhat.com>> wrote:
>
> On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <danken@redhat.com
> <mailto:danken@redhat.com>> wrote:
>
> On Sun, May 7, 2017 at 8:22 PM, Nir Soffer
> <nsoffer@redhat.com <mailto:nsoffer@redhat.com>> wrote:
> > I imported the certificate from my engine into chrome[1],
> but Chrome
> > refuses to use it because:
> >
> > This server could not prove that it is ...; its security
> > certificate is from [missing_subjectAltName].
> >
> > Same certificate used to work 2 weeks ago, looks like new
> Chrome
> > version changed the rules.
> >
> > Without importing engine CA, there is no way to upload images
> > via engine.
> >
> > Tested on engine 4.1.1 and 4.1.2 on Centos 7.3.
> >
> > Is this known issue?
> >
> > [1] from
> >
> http://<engine_url>/ovirt-engine/services/pki-resource? resource=ca-certificate& format=X509-PEM-CA
> >
> > Nir
>
> https://gerrit.ovirt.org/#/c/74614/
> <https://gerrit.ovirt.org/#/c/74614/ >
>
> "This patch is not yet working, but can be used for discussion."
>
>
> Thanks!
>
> Do you know how to manually fix engine certificates until we
> have a working
> patch?
>
> Nir
>
> _______________________________________________
> Devel mailing list
> Devel@ovirt.org <mailto:Devel@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/devel
> <http://lists.ovirt.org/mailman/listinfo/devel >
>
>
>
> _______________________________________________
> Devel mailing list
> Devel@ovirt.org <mailto:Devel@ovirt.org>
> http://lists.ovirt.org/mailman/listinfo/devel
> <http://lists.ovirt.org/mailman/listinfo/devel >
>
>
>
>
> _______________________________________________
> Devel mailing list
> Devel@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
>