[Users] replace engine hostname /pki

Sven Kieske S.Kieske at mittwald.de
Wed Jan 29 11:24:40 UTC 2014


Additional question regarding the certificates/pki:

the wikipage states:

"The bigger concern is with the engine's certificate. Currently, to the
best of our knowledge, there is no component that actually checks this
trust."
(All three certificates (CA, httpd, engine) are for the Common Name (CN)
whose value is the hostname entered during engine-setup, which is
supposed to be the hostname of the engine's machine, exist in the dns
(forward and reverse records), and point to an IP address of the
engine's machine. )

Is there a list of values that get checked? e.g. the validity dates
before and after?

users might run into trouble in 10 years if this gets checked, because
that is the current expiration date.

if _nothing_ gets checked I wonder why the PKI is used at all ;)

(I assume at least the keys get checked)

Am 29.01.2014 11:34, schrieb Yedidyah Bar David:
> It was actually replaced with a utility that does that:
> 
> http://www.ovirt.org/Changing_Engine_Hostname
> 
> You might want to add a link there. I noticed that there are other such
> pages and did not bother to fix them all, some in other sites :-(

-- 
Mit freundlichen Grüßen / Regards

Sven Kieske

Systemadministrator
Mittwald CM Service GmbH & Co. KG
Königsberger Straße 6
32339 Espelkamp
T: +49-5772-293-100
F: +49-5772-293-333
https://www.mittwald.de
Geschäftsführer: Robert Meyer
St.Nr.: 331/5721/1033, USt-IdNr.: DE814773217, HRA 6640, AG Bad Oeynhausen
Komplementärin: Robert Meyer Verwaltungs GmbH, HRB 13260, AG Bad Oeynhausen


More information about the Users mailing list