1:57 a.m.
As you know, there are many kinds of certificates in Ovirt, used for
communication, authentication and so on.
However, in practice, there is a security risk related to the above
certificates.
That is, you need to generate a new certificate after the certificate
expires. Otherwise, a problem will occur.
In addition, different certificates expire at different times, which brings
a lot of management trouble to users.
Especially in the production system, a huge virtualization cluster may run
thousands of VMS. If a cluster certificate has a problem, the impact is very
serious.
So I felt there was an urgent need for a technical tool that could help
users quickly locate certificates, identify their expiration dates, and
rebuild them.
Even if there is no tool, there should be a way to solve the problems caused
by partial certificate expiration. I think it should include the following
points:
First, how to list the certificate in detail
Second, how to check the certificate expiration time
Third, how to rebuild the certificate
Does anyone else have this kind of confusion? What's a good solution?
Thanks.
10:38 a.m.
I think you are looking for certmonger, but it will require some manual steps:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
Best Regards,Strahil Nikolov
On Thu, Sep 30, 2021 at 10:17, Tommy Sway<sz_cuitao(a)163.com> wrote:
<!--#yiv4428716226 _filtered {} _filtered {} _filtered {}#yiv4428716226 #yiv4428716226
p.yiv4428716226MsoNormal, #yiv4428716226 li.yiv4428716226MsoNormal, #yiv4428716226
div.yiv4428716226MsoNormal
{margin:0cm;text-align:justify;text-justify:inter-ideograph;font-size:10.5pt;font-family:DengXian;}#yiv4428716226
span.yiv4428716226EmailStyle17 {font-family:DengXian;color:windowtext;}#yiv4428716226
.yiv4428716226MsoChpDefault {font-family:DengXian;}#yiv4428716226 _filtered
{}#yiv4428716226 div.yiv4428716226WordSection1 {}-->
As you know, there are many kinds of certificates in Ovirt, used for communication,
authentication and so on.
However, in practice, there is a security risk related to the above certificates.
That is, you need to generate a new certificate after the certificate expires. Otherwise,
a problem will occur.
In addition, different certificates expire at different times, which brings a lot of
management trouble to users.
Especially in the production system, a huge virtualization cluster may run thousands of
VMS. If a cluster certificate has a problem, the impact is very serious.
So I felt there was an urgent need for a technical tool that could help users quickly
locate certificates, identify their expiration dates, and rebuild them.
Even if there is no tool, there should be a way to solve the problems caused by partial
certificate expiration. I think it should include the following points:
First, how to list the certificate in detail
Second, how to check the certificate expiration time
Third, how to rebuild the certificate
Does anyone else have this kind of confusion? What's a good solution?
Thanks.
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6...
11:38 p.m.
New subject: about the expiration time of the oVirt certs
Thanks for your recommendation!
I think Ovirt should integrate tools with similar functions into the management portal.
This is important for long-term user stability.
On 09/30/2021 23:38, Strahil Nikolov via Users wrote:
I think you are looking for certmonger, but it will require some manual steps:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/...
Best Regards,
Strahil Nikolov
On Thu, Sep 30, 2021 at 10:17, Tommy Sway
<sz_cuitao(a)163.com> wrote:
As you know, there are many kinds of certificates in Ovirt, used for communication,
authentication and so on.
However, in practice, there is a security risk related to the above certificates.
That is, you need to generate a new certificate after the certificate expires. Otherwise,
a problem will occur.
In addition, different certificates expire at different times, which brings a lot of
management trouble to users.
Especially in the production system, a huge virtualization cluster may run thousands of
VMS. If a cluster certificate has a problem, the impact is very serious.
So I felt there was an urgent need for a technical tool that could help users quickly
locate certificates, identify their expiration dates, and rebuild them.
Even if there is no tool, there should be a way to solve the problems caused by partial
certificate expiration. I think it should include the following points:
First, how to list the certificate in detail
Second, how to check the certificate expiration time
Third, how to rebuild the certificate
Does anyone else have this kind of confusion? What's a good solution?
Thanks.
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6...
9:54 a.m.
New subject: about the expiration time of the oVirt certs
I was thinking the same.Would you open a feature request to bugzilla.redhat.com ?
I know that certmonger can renew automatically all certs via an external CA, so that would
be a great feature.
Best Regards,Strahil Nikolov
On Fri, Oct 1, 2021 at 7:41, tommy sway<sz_cuitao(a)163.com> wrote:
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RQZP2LZYZ74...
1338
days inactive
1339
days old
4 comments
4 participants
participants (4)
-
Strahil Nikolov -
Tommy Sway -
tommy sway
-
tommy