[Users] changing the password of the ovirt root ca

Hi,

does it have any side effects if I change the password which protects the private root CA key?
I guess not, but I want to be sure :-)

--
Regards
Sven Kieske
System Administrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Managing Director: Robert Meyer
Tax No.: 331/5721/1033, VAT ID: DE814773217, HRA 6640, AG Bad Oeynhausen
General Partner: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen

----- Original Message -----
From: "Sven Kieske" <S.Kieske@mittwald.de>
To: "Users@ovirt.org List" <Users@ovirt.org>
Sent: Wednesday, March 19, 2014 12:35:04 PM
Subject: [Users] changing the password of the ovirt root ca

> Hi,
> does it have any side effects if I change the password which protects the private root CA key?
> I guess not, but I want to be sure :-)

Well... yes... it is used by all components that access the file. The system ACL is what actually protects it, or we need to add a parameter to all programs that use this file, and the engine needs this before it starts... so only manual startup will be supported.

I'm sorry, but I'm not sure if I understand you correctly.

What I want to do is to change the password which protects the Certificate Authority which gets created during engine setup.

I thought this root CA key is protected by a passphrase, which was created during engine-setup. Is this not the case?

As far as I understand your answer, you are telling me there is no password protecting the private key which secures the CA, and all programs which use it are just secured through file permission ACLs?

Please correct me where I'm wrong.

Thanks in advance

On 19.03.2014 11:40, Alon Bar-Lev wrote:
> Well... yes... it is used by all components that access the file. The system ACL is what actually protects it, or we need to add a parameter to all programs that use this file, and the engine needs this before it starts... so only manual startup will be supported.

----- Original Message -----
From: "Sven Kieske" <S.Kieske@mittwald.de>
To: "Alon Bar-Lev" <alonbl@redhat.com>
Cc: "Users@ovirt.org List" <Users@ovirt.org>
Sent: Wednesday, March 19, 2014 2:27:13 PM
Subject: Re: [Users] changing the password of the ovirt root ca

> I'm sorry, but I'm not sure if I understand you correctly.
> What I want to do is to change the password which protects
> the Certificate Authority which gets created during engine setup.
> I thought this root CA key is protected by a passphrase, which was
> created during engine-setup.
> Is this not the case?
> As far as I understand your answer, you are telling me there is no password protecting the private key which secures the CA, and all programs which use it are just secured through file permission ACLs?
> Please correct me where I'm wrong.

No, you are not wrong; there is a static password, which is equal to no password. The key is protected by filesystem ACL. Having a password generated at each setup will require storing this password on the filesystem, which results in the same level of security.

> Thanks in advance
> On 19.03.2014 11:40, Alon Bar-Lev wrote:
>> Well... yes... it is used by all components that access the file. The system ACL is what actually protects it, or we need to add a parameter to all programs that use this file, and the engine needs this before it starts... so only manual startup will be supported.
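
The thread's conclusion is that the filesystem ACL, not the static passphrase, is what protects the CA private key, so the permissions are the thing to verify. The following audit is an added example, not part of the original thread or of oVirt's code; the function names and the file name `ca-key.pem` are hypothetical, and the key file it checks is a constructed placeholder.

```python
import os
import stat
import tempfile


def audit_key_file(path, expected_uid=None):
    """Return (findings, encrypted) for a PEM private key file."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRGRP | stat.S_IWGRP):
        findings.append(f"key is group-accessible (mode {mode:04o})")
    if mode & (stat.S_IROTH | stat.S_IWOTH):
        findings.append(f"key is world-accessible (mode {mode:04o})")
    if expected_uid is not None and st.st_uid != expected_uid:
        findings.append(f"key owned by uid {st.st_uid}, expected {expected_uid}")
    # A group/world-writable parent directory lets another user swap the key.
    parent = os.path.dirname(os.path.abspath(path))
    dmode = stat.S_IMODE(os.stat(parent).st_mode)
    if dmode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"parent directory is writable by others (mode {dmode:04o})")
    # PEM keys that are passphrase-encrypted carry "ENCRYPTED" in their header.
    # With a static, known passphrase this does not reduce any finding above.
    with open(path, "rb") as fh:
        encrypted = b"ENCRYPTED" in fh.read(4096)
    return findings, encrypted


def demo():
    """Audit a constructed placeholder key file under loose and tight modes."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        key = os.path.join(d, "ca-key.pem")   # hypothetical file name
        with open(key, "w") as fh:
            fh.write("-----BEGIN ENCRYPTED PRIVATE KEY-----\n(constructed)\n")
        os.chmod(key, 0o644)
        loose = audit_key_file(key)
        os.chmod(key, 0o600)
        tight = audit_key_file(key)
    return loose, tight


if __name__ == "__main__":
    for label, (findings, encrypted) in zip(("0644", "0600"), demo()):
        print(label, "encrypted header:", encrypted, "findings:", findings or "none")
```

The check covers POSIX mode bits and ownership only; extended ACL entries on the file or directory need a separate review.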