We are receiving this message into engine web page, surprising us due to certificate renewal done three months ago, during upgrade from 4.5.2 to 4.5.3. Infact, all certificates are valid, with only two exceptions: In /etc/pki/ovirt-engine/certs, apache.cer and websocket-proxy.cer were reporting expired certificates. We've done the defined action to renew certificates, with engine-setup --oflline and everything goes smoothly, but instead of two 5-years valid SSL certificates, we've got 2 1-year valid (more or less): #openssl x509 -noout -startdate -enddate -in websocket-proxy.cer notBefore=Feb 4 20:59:14 2023 GMT notAfter=Mar 9 20:59:14 2024 GMT #openssl x509 -noout -startdate -enddate -in apache.cer notBefore=Feb 4 20:59:14 2023 GMT notAfter=Mar 9 20:59:14 2024 GMT It's the correct behaviour ? I'm already aware about web SSL certificate duration "restriction" to 1-year, but all other certs have a 5-year validity. Here's one of: #openssl x509 -noout -startdate -enddate -in vmconsole-proxy-user.cer notBefore=Nov 20 11:11:08 2022 GMT notAfter=Nov 22 11:11:08 2027 GMT This post just for confirmation that this is correct behavior. Roberto Nunin