Before no one is left to answer this question, what long term certificates do we need to worry about with oVirt? I am not talking about the ones engine-setup can re-create, and I am not talking about the Apache certificate that is easy to tie to an external CA; I am talking about any internal 10 year CA type certificates that will eventually expire. This would be especially true if they depend on any RedHat CA authority's signature to be valid. How easy would it be to replace them? Just thinking ahead.