Re: [Users] replace engine hostname /pki
Additional question regarding the certificates/pki:
the wikipage states:
"The bigger concern is with the engine's certificate. Currently, to the
best of our knowledge, there is no component that actually checks this
trust."
(All three certificates (CA, httpd, engine) are for the Common Name (CN)
whose value is the hostname entered during engine-setup, which is
supposed to be the hostname of the engine's machine, exist in the dns
(forward and reverse records), and point to an IP address of the
engine's machine. )
Is there a list of values that get checked? e.g. the validity dates
before and after?
users might run into trouble in 10 years if this gets checked, because
that is the current expiration date.
if _nothing_ gets checked I wonder why the PKI is used at all ;)
(I assume at least the keys get checked)
Am 29.01.2014 11:34, schrieb Yedidyah Bar David:
It was actually replaced with a utility that does that:
http://www.ovirt.org/Changing_Engine_Hostname
You might want to add a link there. I noticed that there are other such
pages and did not bother to fix them all, some in other sites :-(
--
Mit freundlichen Grüßen / Regards
Sven Kieske
Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen