Yes it is generated with engine-setup.

How do you extend the certificate validation value in engine-setup? (I am aware that browser can have problems with long duration certificates as explained in https://techbeacon.com/security/google-apple-mozilla-enforce-1-year-max-security-certifications)

Thanks

On Sat, Nov 4, 2023 at 6:39 PM Matej Dujava <ovirt@kocurkovo.cz> wrote:

Hi,

By self signed cert, you mean managed cert generated by ovirt itself (engine-setup)?

I found an issue https://bugzilla.redhat.com/show_bug.cgi?id=1824103 where it's mentioned that safari (maybe other browsers too) have problem with long self signed CA. Of it's not affecting your clients you can change values and regenerate cert by engine-setup.

You can always generate SSL cert by hand (openssl or cfssl ...) and replace it with following https://www.ovirt.org/documentation/administration_guide/#Replacing_the_Manager_CA_Certificate .

On 4 November 2023 14:18:26 CET, LS CHENG <lsc.oraes@gmail.com> wrote:

Hi again

Forgot to mention that I am using self signed certificates

Thank you

On Sat, Nov 4, 2023 at 2:07 PM LS CHENG <lsc.oraes@gmail.com> wrote:
Hi all

I am running Oracle Linux Virtualization Manager 4.4.

The default expiration length for apache.cer and websocket-proxy.cer is 1 year, is there a way to extend them to 10 years?

Thank you