[ovirt-users] Regenerating new SSL certificates for ovirt-engine

Sven Kieske S.Kieske at mittwald.de
Thu Apr 10 09:41:17 UTC 2014


Hi,

as a first step, make sure to read and understand this page:
http://www.ovirt.org/Features/PKI

There are different certificates for different things.

I have sadly no time to elaborate on this difficult topic.

But you may want restrict the access to your engine
from the network side (firewalls, routing, etc)
anyway, to minimize the impact of such vulns.

HTH

PS: Some instructions are also here if I remember
correctly:
http://www.ovirt.org/Changing_Engine_Hostname

Am 09.04.2014 17:42, schrieb Trey Dockendorf:
> Given the recent OpenSSL heartbleed vulnerability, I would like to
> regenerate the certificates used by my ovirt-engine server.  What are
> the steps to regenerate the certificates, and which certificates
> should be regenerated?  My ovirt-engine host is on our campus LAN,
> which offers no real protection, so I would consider it public facing
> despite not being routable across the WAN.  At minimum I'd like to
> regenerate the certificates used by Apache.
> 
> I'd be happy to document this on the wiki, as the only items I could
> find were related to host renaming.
> 
> Thanks,
> - Trey


-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen


More information about the Users mailing list