Alon Bar-Lev has posted comments on this change. Change subject: packaging: Use engine.p12 for HTTPS connector ......................................................................
Patch Set 2: > I don't see any need to have additional key pairs when we already have the > engine key pair. A key should be used either to decrypt or to sign, having a key to do both weaken the key. Engine key is used to authenticate to vdsm (sign). Web server key is used to wrap keys (decrypt). Splitting these keys was required: 1. because the reason above. 2. to allow to modify web to 3rd party certificate authority without effecting authentication to vdsm and enrollment to new hosts. Having one more key for jboss will not make anything more complex, but will more clear for the user, so he will be able to know what is used by what component. -- To view, visit http://gerrit.ovirt.org/10851 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: Icfec797ae67eb791f9f9537d734b590d1555420e Gerrit-PatchSet: 2 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <[email protected]> Gerrit-Reviewer: Alex Lourie <[email protected]> Gerrit-Reviewer: Alon Bar-Lev <[email protected]> Gerrit-Reviewer: Juan Hernandez <[email protected]> Gerrit-Reviewer: Ofer Schreiber <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
