[JIRA] (OVIRT-1994) foreman certs about to expire

[Evgheni Dereveanchin (oVirt JIRA)]

Evgheni Dereveanchin created OVIRT-1994:
-------------------------------------------

             Summary: foreman certs about to expire
                 Key: OVIRT-1994
                 URL: https://ovirt-jira.atlassian.net/browse/OVIRT-1994
             Project: oVirt - virtualization made easy
          Issue Type: Task
            Reporter: Evgheni Dereveanchin
            Assignee: infra
            Priority: High


The oVirt Foreman was deployed on 05.05.2013 and soon most of the certs issued at that time will expire.

Here's a message shown on one of the older systems under its management:
Warning: Certificate 'Puppet CA: foreman.ovirt.org' will expire on 2018-05-05T19:41:35GMT
Warning: Certificate 'foreman.ovirt.org' will expire on 2018-07-02T13:50:12GMT
Warning: Certificate 'monitoring.ovirt.org' will expire on 2018-05-28T15:32:20GMT

So the CA certificate is expiring this week, the puppetmaster one - in two months and some client certs - even sooner than that.

A possible fix is to generate new CA and puppetmaster certificates using original CSRs, then delete /var/lib/puppet/ssl/certs/ca.pem on clients and most of them should keep working since their own certs will still be signed using the same keys.



--
This message was sent by Atlassian Jira
(v1001.0.0-SNAPSHOT#100083)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/infra/attachments/20180503/950999e8/attachment-0001.html>