Re: [ovirt-users] Issue with 4.2.1 RC and SSL
On Sun, Feb 11, 2018 at 11:41 PM, ~Stack~ <i.am.stack(a)gmail.com> wrote:
On 02/11/2018 02:41 AM, Yedidyah Bar David wrote:
> On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul(a)redhat.com> wrote:
>>
>>
>> On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack(a)gmail.com> wrote:
[snip]
>>> We decided to just start from scratch and my coworker watched and
>>> confirmed every step. It works! No problems at all this time. Further
>>> evidence that I goofed _something_ up the first time.
>>
>>
>> We should really have an Ansible role that performs the conversion to
>> self-signed certificates.
>> That would make the conversion easier and safer.
>
> +1
>
> Not sure "self-signed" is the correct term here. Also the internal
> engine CA's cert is self-signed.
>
> I guess you refer to this:
>
> https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
>
> I'd call it "configure-3rd-party-CA" or something like that.
Greetings,
Another +1 from me (obviously! :-).
I also agree in that we are not doing a self-signed cert, but rather
we've purchased a cert from one of the big-name-CA-vendors that is valid
for our domain. "configure-3rd-party-CA" makes more sense to me.
Nit: This big-name-CA-vendors CA's cert is most likely also self-signed,
so it's not a mistake to call it "self-signed". The difference between
"self-signed by _me_" and "self-signed by big-name" is mainly a matter
of
trust and business relations (between that big-name and you, big-name and
the OS/browser vendors, etc.) and not a technical one.
If you loan a friend $100 for a month, the difference between you and a
big bank is very similar to that above difference...
Lastly, that is the link that I used for a guide.
Thanks!
~Stack~
--
Didi