On Wed, May 10, 2017 at 9:35 AM Martin Perina <[email protected]> wrote:
> Does this mean that we need to create new CA for all existing oVirt > installations which are not using custom HTTPS certificate signed by > external CA? > This seems to be the case, Chrome is rejecting the old certificate. > > On Sun, May 7, 2017 at 7:37 PM, Nir Soffer <[email protected]> wrote: > >> On Sun, May 7, 2017 at 8:27 PM Dan Kenigsberg <[email protected]> wrote: >> >>> On Sun, May 7, 2017 at 8:22 PM, Nir Soffer <[email protected]> wrote: >>> > I imported the certificate from my engine into chrome[1], but Chrome >>> > refuses to use it because: >>> > >>> > This server could not prove that it is ...; its security >>> > certificate is from [missing_subjectAltName]. >>> > >>> > Same certificate used to work 2 weeks ago, looks like new Chrome >>> > version changed the rules. >>> > >>> > Without importing engine CA, there is no way to upload images >>> > via engine. >>> > >>> > Tested on engine 4.1.1 and 4.1.2 on Centos 7.3. >>> > >>> > Is this known issue? >>> > >>> > [1] from >>> > http:// >>> <engine_url>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA >>> > >>> > Nir >>> >>> https://gerrit.ovirt.org/#/c/74614/ >>> >>> "This patch is not yet working, but can be used for discussion." >>> >> >> Thanks! >> >> Do you know how to manually fix engine certificates until we have a >> working >> patch? >> >> Nir >> >> _______________________________________________ >> Devel mailing list >> [email protected] >> http://lists.ovirt.org/mailman/listinfo/devel >> > >
_______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
