[ovirt-users] VDSM SSL validity

Punaatua PAINT-KOUI punaatua.pk at gmail.com
Thu Feb 15 09:19:02 UTC 2018


 Hi,

I setup an hyperconverged solution with 3 nodes, hosted engine on glusterfs.
We run this setup in a PCI-DSS environment. According to PCI-DSS
requirements, we are required to reduce the validity of any certificate
under 39 months.

I saw in this link
https://www.ovirt.org/develop/release-management/features/infra/pki/ that i
can use the option VdsCertificateValidityInYears at engine-config.

I'm running ovirt engine 4.2.1 and i checked when i was on 4.2 how to edit
the option with engine-config --all and engine-config --list but the option
is not listed

Am i missing something ?

I thing i can regenerate a VDSM certificate with openssl and the CA conf in
/etc/pki/ovirt-engine on the hosted-engine but i would rather modifiy the
option for future host that I will add.

-- 
-------------------------------------
PAINT-KOUI Punaatua
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180214/7c30914a/attachment.html>


More information about the Users mailing list