Re: [ovirt-users] Replacing Certificates in hosted-engine cluster
If I have two CAs both claiming to be the root CA for a given Domain,
essentially both claiming to be the same CA, this won't cause issues with
communication between the engine and the two hosts? Does the CA used for
communication between the hosts and the engine only exist in some protected
trust store that is the only consulted source for this communication?
Thanks, Josh
On Thu, Sep 29, 2016, 6:53 AM Martin Perina <mperina(a)redhat.com> wrote:
Hi,
by default engine uses its own CA to sign certificates for HTTPS access
and for engine-host communications. You can use your own CA only for HTTS
certification.
So if you are using oVirt 4.0 and you want to start to use custom CA for
HTTPS certificates please take a look at Doc Text in:
https://bugzilla.redhat.com/show_bug.cgi?id=1336838
https://bugzilla.redhat.com/show_bug.cgi?id=1313379
@Didi, are there any other steps required for hosted engine regarding
custom CA?
Thanks
Martin Perina
On Wed, Sep 28, 2016 at 1:07 PM, Joshua Doll <joshua.doll(a)gmail.com>
wrote:
> Hi, I have a two node cluster running a hosted-engine setup. I have stood
> up an enterprise CA and would like to replace the ovirt self signed
> certificates. I can't find a list of all the certificates online. Is there
> a list, or can someone point me in the right direction?
>
> Thanks, Josh
>
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
Attachments:
- attachment.html (text/html — 3.2 KB)