[ovirt-users] Replacing Certificates in hosted-engine cluster
mperina at redhat.com
Thu Sep 29 12:12:34 UTC 2016
On Thu, Sep 29, 2016 at 1:09 PM, Joshua Doll <joshua.doll at gmail.com> wrote:
> If I have two CAs both claiming to be the root CA for a given Domain,
> essentially both claiming to be the same CA, this won't cause issues with
> communication between the engine and the two hosts? Does the CA used for
> communication between the hosts and the engine only exist in some protected
> trust store that is the only consulted source for this communication?
No, if you want to use custom CA for HTTPS, it will not change anyhting on
internal CA used for engine-hosts communications. Custom CA can be used
only for HTTPS certificates and when custom CA is configured properly we
use different truststore for HTTPS than for engine-host communication.
> Thanks, Josh
> On Thu, Sep 29, 2016, 6:53 AM Martin Perina <mperina at redhat.com> wrote:
>> by default engine uses its own CA to sign certificates for HTTPS access
>> and for engine-host communications. You can use your own CA only for HTTS
>> So if you are using oVirt 4.0 and you want to start to use custom CA for
>> HTTPS certificates please take a look at Doc Text in:
>> @Didi, are there any other steps required for hosted engine regarding
>> custom CA?
>> Martin Perina
>> On Wed, Sep 28, 2016 at 1:07 PM, Joshua Doll <joshua.doll at gmail.com>
>>> Hi, I have a two node cluster running a hosted-engine setup. I have
>>> stood up an enterprise CA and would like to replace the ovirt self signed
>>> certificates. I can't find a list of all the certificates online. Is there
>>> a list, or can someone point me in the right direction?
>>> Thanks, Josh
>>> Users mailing list
>>> Users at ovirt.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users