Sandro, the main point is: "admin enrolls a new cert, but the engine spams the log that the cert will expire"

I checked the host cert via Martin's snippet; the cert was deployed on Jan 10 2022

[root@control1 ovirt-engine]# openssl s_client -showcerts -connect 192.168.101.16:54321 | openssl x509 -text -noout | grep -A2 Validity
Can't use SSL_get_servername
depth=1 C = US, O = opentech.local, CN = control1.opentech.local.54279
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = US, O = opentech.local, CN = control1.opentech.local.54279
verify return:1
depth=0 O = opentech.local, CN = 192.168.101.16
verify return:1
140358921414464:error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required:ssl/record/rec_layer_s3.c:1543:SSL alert number 116
        Validity
            Not Before: Jan 10 16:57:10 2022 GMT
            Not After : Feb 13 16:57:10 2023 GMT


But the engine "doesn't see these changes" on 12 Jan, 13 Jan

[root@control1 ovirt-engine]# gunzip -c *\.gz | ack 'certification is about to expire' | grep ovirt-host6 | awk '{print $1 " " $2 " "  $10}'
2022-01-11 20:57:33,890+07 ovirt-host6.opentech.local
2022-01-12 20:57:33,925+07 ovirt-host6.opentech.local
2022-01-13 20:57:33,958+07 ovirt-host6.opentech.local


Yesterday I restarted ovirt-engine; now these alerts are gone
The certificate enrolling routine should be documented

Thanks,
k

On 14 Jan 2022, at 11:48, Sandro Bonazzola <sbonazzo@redhat.com> wrote:

Martin, is this something which can fit in oVirt administration documentation?
Konstantin, what's the purpose of getting the certificate's dates?
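
The comparison made by hand in the message above (certificate validity from openssl against the dates of the engine's expiry warnings) can be scripted; this is an added example, not part of the original thread or of oVirt. The input shapes follow the two command outputs in the message; the 2022-01-09 line and all function names are constructed, and Not Before is assumed to approximate the enrollment time.

```python
import re
from datetime import datetime, timezone

# Constructed input: shaped like the openssl "Validity" block in the message.
VALIDITY = """\
        Validity
            Not Before: Jan 10 16:57:10 2022 GMT
            Not After : Feb 13 16:57:10 2023 GMT
"""
# Constructed input: "<date> <time+offset> <host>" as printed by the awk filter.
# The 2022-01-09 line is invented to show a warning that predates the new cert.
WARNINGS = """\
2022-01-09 20:57:33,812+07 ovirt-host6.opentech.local
2022-01-11 20:57:33,890+07 ovirt-host6.opentech.local
2022-01-12 20:57:33,925+07 ovirt-host6.opentech.local
2022-01-13 20:57:33,958+07 ovirt-host6.opentech.local
"""

def parse_validity(text):
    """Return (not_before, not_after) as UTC datetimes from openssl x509 -text."""
    found = {}
    for label, value in re.findall(r"Not (Before|After)\s*:\s*(.+?)\s+GMT", text):
        parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y")
        found[label] = parsed.replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("Validity block incomplete")
    return found["Before"], found["After"]

def parse_warning(line):
    """Split one filtered log line into (timezone-aware datetime, host)."""
    day, clock, host = line.split()
    # The log prints the offset as "+07"; strptime's %z needs "+0700".
    if re.search(r"[+-]\d\d$", clock):
        clock += "00"
    return datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S,%f%z"), host

def stale_warnings(validity_text, warning_text, host):
    """Warnings for `host` logged after the presented cert's Not Before.

    Assumption: Not Before approximates the enrollment time; a CA may backdate it.
    Returns (logged_at, whole days the presented cert was still valid for).
    """
    not_before, not_after = parse_validity(validity_text)
    stale = []
    for line in filter(str.strip, warning_text.splitlines()):
        logged_at, name = parse_warning(line)
        if name == host and logged_at > not_before:
            stale.append((logged_at, (not_after - logged_at).days))
    return stale
```

Calling `stale_warnings(VALIDITY, WARNINGS, "ovirt-host6.opentech.local")` returns the three warnings logged after the new certificate's Not Before, each with the days of validity the presented certificate still had.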