Summary: foreman certs about to expire
Key: OVIRT-1994
URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1994
Project: oVirt - virtualization made easy
Issue Type: Task
Reporter: Evgheni Dereveanchin
Assignee: infra
Priority: High
The oVirt Foreman was deployed on 05.05.2013 and soon most of the certs issued at that time will expire.
Here's a message shown on one of the older systems under its management: Warning: Certificate ‘Puppet CA: foreman.ovirt.org’ will expire on 2018-05-05T19:41:35GMT Warning: Certificate ‘foreman.ovirt.org’ will expire on 2018-07-02T13:50:12GMT Warning: Certificate ‘monitoring.ovirt.org’ will expire on 2018-05-28T15:32:20GMT
So the CA certificate is expiring this week, the puppetmaster one – in two months and some client certs – even sooner than that.
A possible fix is to generate new CA and puppetmaster certificates using original CSRs, then delete /var/lib/puppet/ssl/certs/ca.pem on clients and most of them should keep working since their own certs will still be signed using the same keys.
— This message was sent by Atlassian Jira (v1001.0.0-SNAPSHOT#100083)