On Sun, Feb 11, 2018 at 11:41 PM, ~Stack~ <i.am.stack@gmail.com> wrote:
On 02/11/2018 02:41 AM, Yedidyah Bar David wrote:
On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <ykaul@redhat.com> wrote:
On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.stack@gmail.com> wrote:
[snip]
We decided to just start from scratch and my coworker watched and confirmed every step. It works! No problems at all this time. Further evidence that I goofed _something_ up the first time.
We should really have an Ansible role that performs the conversion to self-signed certificates. That would make the conversion easier and safer.
+1
Not sure "self-signed" is the correct term here. Also the internal engine CA's cert is self-signed.
I guess you refer to this:
https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
I'd call it "configure-3rd-party-CA" or something like that.
Greetings,
Another +1 from me (obviously! :-).
I also agree in that we are not doing a self-signed cert, but rather we've purchased a cert from one of the big-name-CA-vendors that is valid for our domain. "configure-3rd-party-CA" makes more sense to me.
Nit: This big-name-CA-vendors CA's cert is most likely also self-signed, so it's not a mistake to call it "self-signed". The difference between "self-signed by _me_" and "self-signed by big-name" is mainly a matter of trust and business relations (between that big-name and you, big-name and the OS/browser vendors, etc.) and not a technical one. If you loan a friend $100 for a month, the difference between you and a big bank is very similar to that above difference...
Lastly, that is the link that I used for a guide.
Thanks! ~Stack~
-- Didi