oVirt 4.5.4-1: engine-setup does not renew certificates

Hi, I wanted to add short names to the webgui apache certificate. I followed these instructions: „Engine can be accessed using alternate host names (or IP addresses) that can configured by adding a new configuration file (for example /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf) with following content: SSO_ALTERNATE_ENGINE_FQDNS="alias1.example.com alias2.example.com" The list of alternate names has to be listed separated by spaces. It's possible to add also IP addresses of engine host, but using IP addresses instead of DNS names is not considered to be a good practise. Run engine-setup to generate new certificates.“ Certificates where not renewed. How do i get engine-setup to renew the apache certificate? oVirt: 4.5.4-1 Regards, Lars

On Thu, Sep 14, 2023 at 10:26 AM Lars Stolpe <lars.stolpe@bvg.de> wrote:
Hi, I wanted to add short names to the webgui apache certificate. I followed these instructions: „Engine can be accessed using alternate host names (or IP addresses) that can configured by adding a new configuration file (for example /etc/ovirt-engine/engine.conf.d/99-custom-sso-setup.conf) with following content: SSO_ALTERNATE_ENGINE_FQDNS="alias1.example.com alias2.example.com" The list of alternate names has to be listed separated by spaces. It's possible to add also IP addresses of engine host, but using IP addresses instead of DNS names is not considered to be a good practise. Run engine-setup to generate new certificates.“
Where did you copy this from?
Certificates where not renewed. How do i get engine-setup to renew the apache certificate?
engine-setup can renew certificates that were generated by itself, not any random cert. If you add new names to the engine using SSO_ALTERNATE_ENGINE_FQDNS, you usually use certs generated elsewhere, not ones from engine-setup. Best regards, -- Didi

Hi, these instructions i found some time before in a documentation. I don't know the exact place. what's the point in configuring the engine setup to use SSO_ALTERNATE_ENGINE_FQDNS if it is for using external certificates only? I do use engine-setup generated certificates. I want to add the short name of the engine. How do i get engine-setup to use alternative names for engine-setup generated certificates? Best regards, Lars
participants (2)
-
Lars Stolpe
-
Yedidyah Bar David