We are receiving this message into engine web page, surprising us due to certificate renewal done three months ago, during upgrade from 4.5.2 to 4.5.3.

Infact, all certificates are valid, with only two exceptions:

In /etc/pki/ovirt-engine/certs, apache.cer and websocket-proxy.cer were reporting expired certificates.

We've done the defined action to renew certificates, with engine-setup --oflline and everything goes smoothly, but instead of two 5-years valid SSL certificates, we've got 2 1-year valid (more or less):

#openssl x509 -noout -startdate -enddate -in websocket-proxy.cer

notBefore=Feb 4 20:59:14 2023 GMT

notAfter=Mar 9 20:59:14 2024 GMT

#openssl x509 -noout -startdate -enddate -in apache.cer

notBefore=Feb 4 20:59:14 2023 GMT

notAfter=Mar 9 20:59:14 2024 GMT

It's the correct behaviour ? I'm already aware about web SSL certificate duration "restriction" to 1-year, but all other certs have a 5-year validity.

Here's one of:

#openssl x509 -noout -startdate -enddate -in vmconsole-proxy-user.cer

notBefore=Nov 20 11:11:08 2022 GMT

notAfter=Nov 22 11:11:08 2027 GMT

This post just for confirmation that this is correct behavior.

Roberto Nunin