As you know, there are many kinds of certificates in Ovirt, used for
communication, authentication and so on.
However, in practice, there is a security risk related to the above
certificates.
That is, you need to generate a new certificate after the certificate
expires. Otherwise, a problem will occur.
In addition, different certificates expire at different times, which brings
a lot of management trouble to users.
Especially in the production system, a huge virtualization cluster may run
thousands of VMS. If a cluster certificate has a problem, the impact is very
serious.
So I felt there was an urgent need for a technical tool that could help
users quickly locate certificates, identify their expiration dates, and
rebuild them.
Even if there is no tool, there should be a way to solve the problems caused
by partial certificate expiration. I think it should include the following
points:
First, how to list the certificate in detail
Second, how to check the certificate expiration time
Third, how to rebuild the certificate
Does anyone else have this kind of confusion? What's a good solution?
Thanks.