[ovirt-users] VDSM SSL validity

Punaatua PAINT-KOUI punaatua.pk at gmail.com
Sat Feb 17 12:57:15 UTC 2018


Any idea someone ?

Le 14 févr. 2018 23:19, "Punaatua PAINT-KOUI" <punaatua.pk at gmail.com> a
écrit :

> Hi,
>
> I setup an hyperconverged solution with 3 nodes, hosted engine on
> glusterfs.
> We run this setup in a PCI-DSS environment. According to PCI-DSS
> requirements, we are required to reduce the validity of any certificate
> under 39 months.
>
> I saw in this link https://www.ovirt.org/develop/release-management/
> features/infra/pki/ that i can use the option
> VdsCertificateValidityInYears at engine-config.
>
> I'm running ovirt engine 4.2.1 and i checked when i was on 4.2 how to edit
> the option with engine-config --all and engine-config --list but the option
> is not listed
>
> Am i missing something ?
>
> I thing i can regenerate a VDSM certificate with openssl and the CA conf
> in /etc/pki/ovirt-engine on the hosted-engine but i would rather modifiy
> the option for future host that I will add.
>
> --
> -------------------------------------
> PAINT-KOUI Punaatua
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20180217/3b99cadd/attachment.html>


More information about the Users mailing list