On Wed, May 10, 2017 at 9:35 AM, Martin Perina <mperina@redhat.com> wrote:
Does this mean that we need to create new CA for all existing oVirt installations which are not using custom HTTPS certificate signed by external CA?

No, just a new certificate for Engine, I believe.
Y.


On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <nsoffer@redhat.com> wrote:
On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <danken@redhat.com> wrote:
On Sun, May 7, 2017 at 8:22 PM, Nir Soffer <nsoffer@redhat.com> wrote:
> I imported the certificate from my engine into chrome[1], but Chrome
> refuses to use it because:
>
>     This server could not prove that it is ...; its security
>     certificate is from [missing_subjectAltName].
>
> Same certificate used to work 2 weeks ago, looks like new Chrome
> version changed the rules.
>
> Without importing engine CA, there is no way to upload images
> via engine.
>
> Tested on engine 4.1.1 and 4.1.2 on Centos 7.3.
>
> Is this  known issue?
>
> [1] from
> http://<engine_url>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
>
> Nir

https://gerrit.ovirt.org/#/c/74614/

"This patch is not yet working, but can be used for discussion."

Thanks!

Do you know how to manually fix engine certificates until we have a working
patch?

Nir

_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel


_______________________________________________
Devel mailing list
Devel@ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel