Hi,
I'm running a single-host, hosted-engine Ovirt deployment, version 4.3.10
(upgraded from 4.0->4.1->4.2) and it's complaining that my host cert does
not have a SubjectAltName.
If I try to use pki-enroll-request.sh to rebuild the host cert and follow
the instructions to add a --san, I get an error:
/usr/share/ovirt-engine/bin/pki-enroll-request.sh --name=host.na.me
--san=host.na.me
Using configuration from openssl.conf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
organizationName :PRINTABLE:'My Org Name'
commonName :PRINTABLE:'host.na.me'
ERROR: adding extensions in section v3_ca_san
139875647600528:error:2207507C:X509 V3
routines:v2i_GENERAL_NAME_ex:missing value:v3_alt.c:531:
139875647600528:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
extension:v3_conf.c:95:name=subjectAltName, value=host.na.me
Cannot sign certificate
Am I using this script incorrectly?
Thanks,
-derek
--
Derek Atkins 617-623-3745
derek(a)ihtfp.com
www.ihtfp.com
Computer and Internet Security Consultant