about the expiration time of the oVirt certs

As you know, there are many kinds of certificates in oVirt, used for communication, authentication and so on. However, in practice, there is a security risk related to the above certificates. That is, you need to generate a new certificate after the certificate expires. Otherwise, a problem will occur. In addition, different certificates expire at different times, which brings a lot of management trouble to users. Especially in the production system, a huge virtualization cluster may run thousands of VMs. If a cluster certificate has a problem, the impact is very serious.

So I felt there was an urgent need for a technical tool that could help users quickly locate certificates, identify their expiration dates, and rebuild them. Even if there is no tool, there should be a way to solve the problems caused by partial certificate expiration. I think it should include the following points:

First, how to list the certificates in detail
Second, how to check the certificate expiration time
Third, how to rebuild the certificate

Does anyone else have this kind of confusion? What's a good solution?

Thanks.
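The first two points of the question above (listing certificates and checking their expiry), as an added example that is not part of the thread or of the oVirt project: a POSIX shell scan built on `openssl x509 -checkend`. The directory argument, the file extensions and the 30-day warning window are assumptions, since the thread names no certificate paths.

```sh
#!/bin/sh
# Added example (not from the thread or the oVirt project).
# Usage: sh cert-scan.sh CERT_DIR [WARN_DAYS]   (both arguments are assumptions)

# cert_status FILE WARN_DAYS -> EXPIRED | EXPIRING | OK | UNREADABLE
cert_status() (
    file=$1
    warn_secs=$(( $2 * 86400 ))
    # Keys, CSRs and junk do not parse as X.509 certificates.
    openssl x509 -in "$file" -noout >/dev/null 2>&1 || { echo UNREADABLE; exit 0; }
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$file" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED
    elif ! openssl x509 -in "$file" -noout -checkend "$warn_secs" >/dev/null 2>&1; then
        echo EXPIRING
    else
        echo OK
    fi
)

# scan_certs DIR [WARN_DAYS] -> status, notAfter, subject, path (tab-separated)
scan_certs() (
    dir=$1
    warn_days=${2:-30}
    # Newline-delimited read: assumes no newlines in file names.
    find "$dir" -type f \( -name '*.pem' -o -name '*.cer' -o -name '*.crt' \) |
    while IFS= read -r f; do
        status=$(cert_status "$f" "$warn_days")
        if [ "$status" = UNREADABLE ]; then
            printf '%s\t-\t-\t%s\n' "$status" "$f"
            continue
        fi
        end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2-)
        subj=$(openssl x509 -in "$f" -noout -subject | sed 's/^subject= *//')
        printf '%s\t%s\t%s\t%s\n' "$status" "$end" "$subj" "$f"
    done
)

# Run the scan only when a directory is given on the command line.
[ "$#" -eq 0 ] || scan_certs "$@"
```

Run from cron on each host, the `EXPIRING` lines give advance notice before a certificate lapses; rebuilding the certificate (the third point) is outside what this scan does.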

I think you are looking for certmonger, but it will require some manual steps: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...

Best Regards,
Strahil Nikolov

On Thu, Sep 30, 2021 at 10:17, Tommy Sway <sz_cuitao@163.com> wrote:
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6L44...

Thanks for your recommendation! I think oVirt should integrate tools with similar functions into the management portal. This is important for long-term user stability.

On 09/30/2021 23:38, Strahil Nikolov via Users wrote:

I was thinking the same. Would you open a feature request at bugzilla.redhat.com? I know that certmonger can renew automatically all certs via an external CA, so that would be a great feature.

Best Regards,
Strahil Nikolov

On Fri, Oct 1, 2021 at 7:41, tommy sway <sz_cuitao@163.com> wrote:
participants (4)
- Strahil Nikolov
- Tommy Sway
- tommy sway
- tommy