[ovirt-devel] [missing_subjectAltName] in engine ca certificate?

Yaniv Kaul ykaul at redhat.com
Wed May 10 07:07:40 UTC 2017


On Wed, May 10, 2017 at 9:35 AM, Martin Perina <mperina at redhat.com> wrote:

> Does this mean that we need to create new CA for all existing oVirt
> installations which are not using custom HTTPS certificate signed by
> external CA?
>

No, just a new certificate for Engine, I believe.
Y.


> On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <nsoffer at redhat.com> wrote:
>
>> On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <danken at redhat.com> wrote:
>>
>>> On Sun, May 7, 2017 at 8:22 PM, Nir Soffer <nsoffer at redhat.com> wrote:
>>> > I imported the certificate from my engine into chrome[1], but Chrome
>>> > refuses to use it because:
>>> >
>>> >     This server could not prove that it is ...; its security
>>> >     certificate is from [missing_subjectAltName].
>>> >
>>> > Same certificate used to work 2 weeks ago, looks like new Chrome
>>> > version changed the rules.
>>> >
>>> > Without importing engine CA, there is no way to upload images
>>> > via engine.
>>> >
>>> > Tested on engine 4.1.1 and 4.1.2 on Centos 7.3.
>>> >
>>> > Is this  known issue?
>>> >
>>> > [1] from
>>> > http://<engine_url>/ovirt-engine/services/pki-resource?resou
>>> rce=ca-certificate&format=X509-PEM-CA
>>> >
>>> > Nir
>>>
>>> https://gerrit.ovirt.org/#/c/74614/
>>>
>>> "This patch is not yet working, but can be used for discussion."
>>>
>>
>> Thanks!
>>
>> Do you know how to manually fix engine certificates until we have a
>> working
>> patch?
>>
>> Nir
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at ovirt.org
>> http://lists.ovirt.org/mailman/listinfo/devel
>>
>
>
> _______________________________________________
> Devel mailing list
> Devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/devel/attachments/20170510/2a27e720/attachment.html>


More information about the Devel mailing list