11:41 p.m.
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--4BFXM4dprdXvY9i0EwAh1haI8NcHpGu91
Content-Type: multipart/mixed; boundary="HEq0HKrZuQcDum2lNJDexCSlzddd54KDf";
protected-headers="v1"
From: ~Stack~ <i.am.stack(a)gmail.com>
To: Yedidyah Bar David <didi(a)redhat.com>, Yaniv Kaul <ykaul(a)redhat.com>
Cc: users <users(a)ovirt.org>
Message-ID: <9c8ad0ff-9510-d524-9dc6-310666264876(a)gmail.com>
Subject: Re: [ovirt-users] Issue with 4.2.1 RC and SSL
References: <ff271e8b-7ec9-f0b6-6e00-511c5aad1b27(a)gmail.com>
<CAMuConxhWp=LStDpGCwCo5vK31qFd_2cLLf-WzXELwMSHDws6g(a)mail.gmail.com>
<4179b0be-6579-d86e-dc2e-e64c5e3cb57b(a)gmail.com>
<CAJgorsa9wyT4AT0gZx0JD2teh25yg0HgHwSntfCoyAtwx3_W2w(a)mail.gmail.com>
<CAHRwYXsL1T3kCkdExQfQ2+4j4kk00FFGCbi4erzhqFNDmSyzSA(a)mail.gmail.com>
In-Reply-To: <CAHRwYXsL1T3kCkdExQfQ2+4j4kk00FFGCbi4erzhqFNDmSyzSA(a)mail.gmail.com>
--HEq0HKrZuQcDum2lNJDexCSlzddd54KDf
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
On 02/11/2018 02:41 AM, Yedidyah Bar David wrote:
On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul(a)redhat.com>
wrote:
>
>
> On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack(a)gmail.com> wrote:=
[snip]
>> We decided to just start from scratch and my coworker watched
and
>> confirmed every step. It works! No problems at all this time. Further=
>> evidence that I goofed _something_ up the first time.
>
>
> We should really have an Ansible role that performs the conversion to
> self-signed certificates.
> That would make the conversion easier and safer.
=20
+1
=20
Not sure "self-signed" is the correct term here. Also the internal
engine CA's cert is self-signed.
=20
I guess you refer to this:
=20
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
=20
I'd call it "configure-3rd-party-CA" or something like that.
Greetings,
Another +1 from me (obviously! :-).
I also agree in that we are not doing a self-signed cert, but rather
we've purchased a cert from one of the big-name-CA-vendors that is valid
for our domain. "configure-3rd-party-CA" makes more sense to me.
Lastly, that is the link that I used for a guide.
Thanks!
~Stack~
--HEq0HKrZuQcDum2lNJDexCSlzddd54KDf--
--4BFXM4dprdXvY9i0EwAh1haI8NcHpGu91
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQIcBAEBCAAGBQJagLiUAAoJELkej+ysXJPmISAP/j244ZJaeOwD6DgasjjO+8on
Ocb4h8PAt6W2aFIVSOW63XyE78gxaLI92p2yFB/lK2YSEmPM0vZH385BMswNZOSR
ms16EEmOPM7zAbd4YSZW0N+VEHvOgwp6tUA5JXR5mb0n6a1+ioPC9jTOAgd+bdIZ
WqdCnDpjij5cEz22Iptv2FMgCYNU1oA6HKXb3Mvlfl6Q9Aj+xx66wyAgVnMuII8I
dQQKfKMVKmak691p0eNdByjOw0k3ShdYDjsSyetwe6RSZhKH+PjIBSLrvS9CsseI
EDFC4ZyZ+NxWqUw0n+t3PTFMnOSW6lZ/RPzEcKROSY0CFE0DyULRbQATV5co+NCo
CnH2HzIxbQ7m+n4QzzP+fGlnbSwHkSaI8+iKQCvVkplXTsXaktm4McH6qw6ctbgg
UU3/5genkTvva9A39U5Q37XW3D+xnIlIyqlaUEp57OGrrwpujrLwBWoHCFpePegB
6T3g8qQrI8sjzeVFVJWdzfZawMk43btbBSLhUNu0oGMovM0iQd26K5kqatwYCPaY
k9QA17+UWAkVlQMqz+Hif+yMYcNPaa/g88Sg+3qGQyPAh8NVcYlcwEfmGnjOxAv7
IHrrhbO7nlaf97ujNPdkWTAS2TQOoW0eaXE3beVl7RRXj/wD5Gcm7S43BfDS8VR+
aJZRPGPc9nRK8eU1UTra
=cpoB
-----END PGP SIGNATURE-----
--4BFXM4dprdXvY9i0EwAh1haI8NcHpGu91--