On Thu, Jul 5, 2018 at 5:20 PM, Nir Soffer <nsoffer@redhat.com> wrote:
On Thu, Jul 5, 2018 at 4:55 PM <etienne.charlier@reduspaceservices.eu> wrote:
Thanks a lot for your support!
A reinstalled a fresh ovirt-engine and managed to import the certificate.
A managed to upload an image even with the self signed certificates configured.
I think a "simple" way to allow letsencrypt certificates to be used for "external access" web UI, API..; could be useful
I agree.
Didi, can we integrate with letsencrypt to have engine/imageio certificates respected by browsers without additional configuration?
I never looked specifically at this. We do have these open bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1336873 https://bugzilla.redhat.com/show_bug.cgi?id=1134219 If we want to specifically handle LE, please open a bug. Not sure we should.
The need to import the CA into your browser is to upload images is a big user experience issue. We see users failing to do it again and again.
I guess we have here two different issues: 1. By default, we (by default) generate a different key/cert pair for imageio, rather than use the one for httpd. So a user accepting the cert for httpd still fails to use the cert for imageio, until it's accepted as well. Perhaps we should use by default the same pair? No idea why we decided to use a separate pair. Please open an RFE to use the same pair as httpd. 2. The procedure to use a 3rd-party CA does not mention imageio. That's already discussed earlier in this thread. Best regards, -- Didi