Bad libvirt-spice certificate - regenerate?
I have an oVirt 4.1 cluster that was initially installed with 3.5 in 2014. The SSL certificates on the physical hosts in /etc/pki/vdsm/libvirt-spice have a problem - the "not before" date is invalid (it doesn't include a time zone), and so I can't connect to VM consoles from a client with OpenSSL 1.1.0i (up to date Fedora 27). How can I regenerate these certificates? Also, I noticed they expire next year - is that expiration handled automatically? -- Chris Adams <cma@cmadams.net>
Hello Chris, engine-setup should renew the certificates, the event notifier can send warnings about expired or expiring certificates. Regards, Paul S. ________________________________________ From: Chris Adams <cma@cmadams.net> Sent: 02 October 2018 15:04 To: users@ovirt.org Subject: [ovirt-users] Bad libvirt-spice certificate - regenerate? I have an oVirt 4.1 cluster that was initially installed with 3.5 in 2014. The SSL certificates on the physical hosts in /etc/pki/vdsm/libvirt-spice have a problem - the "not before" date is invalid (it doesn't include a time zone), and so I can't connect to VM consoles from a client with OpenSSL 1.1.0i (up to date Fedora 27). How can I regenerate these certificates? Also, I noticed they expire next year - is that expiration handled automatically? -- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3EMV5VLZMMT7MG... To view the terms under which this email is distributed, please go to:- http://disclaimer.leedsbeckett.ac.uk/disclaimer/disclaimer.html
Is there a way to force the libvirt-spice certificates to be renewed now (since they are invalid and keeping me from connecting to VM consoles)? Once upon a time, Staniforth, Paul <P.Staniforth@leedsbeckett.ac.uk> said:
Hello Chris, engine-setup should renew the certificates, the event notifier can send warnings about expired or expiring certificates.
Regards, Paul S. ________________________________________ From: Chris Adams <cma@cmadams.net> Sent: 02 October 2018 15:04 To: users@ovirt.org Subject: [ovirt-users] Bad libvirt-spice certificate - regenerate?
I have an oVirt 4.1 cluster that was initially installed with 3.5 in 2014. The SSL certificates on the physical hosts in /etc/pki/vdsm/libvirt-spice have a problem - the "not before" date is invalid (it doesn't include a time zone), and so I can't connect to VM consoles from a client with OpenSSL 1.1.0i (up to date Fedora 27).
How can I regenerate these certificates?
Also, I noticed they expire next year - is that expiration handled automatically?
-- Chris Adams <cma@cmadams.net> _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-leave@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3EMV5VLZMMT7MG... To view the terms under which this email is distributed, please go to:- http://disclaimer.leedsbeckett.ac.uk/disclaimer/disclaimer.html
-- Chris Adams <cma@cmadams.net>
participants (3)
-
Chris Adams -
p.staniforth@leedsbeckett.ac.uk -
Staniforth, Paul