We are receiving this message into engine web page, surprising us due to
certificate renewal done three months ago, during upgrade from 4.5.2 to
4.5.3.
Infact, all certificates are valid, with only two exceptions:
In /etc/pki/ovirt-engine/certs, apache.cer and websocket-proxy.cer were
reporting expired certificates.
We've done the defined action to renew certificates, with engine-setup
--oflline and everything goes smoothly, but instead of two 5-years valid
SSL certificates, we've got 2 1-year valid (more or less):
#openssl x509 -noout -startdate -enddate -in websocket-proxy.cer
notBefore=Feb 4 20:59:14 2023 GMT
notAfter=Mar 9 20:59:14 2024 GMT
#openssl x509 -noout -startdate -enddate -in apache.cer
notBefore=Feb 4 20:59:14 2023 GMT
notAfter=Mar 9 20:59:14 2024 GMT
It's the correct behaviour ? I'm already aware about web SSL certificate
duration "restriction" to 1-year, but all other certs have a 5-year
validity.
Here's one of:
#openssl x509 -noout -startdate -enddate -in vmconsole-proxy-user.cer
notBefore=Nov 20 11:11:08 2022 GMT
notAfter=Nov 22 11:11:08 2027 GMT
This post just for confirmation that this is correct behavior.
Roberto Nunin