[ovirt-users] Replacing Certificates in hosted-engine cluster
Hi, I have a two node cluster running a hosted-engine setup. I have stood up an enterprise CA and would like to replace the ovirt self signed certificates. I can't find a list of all the certificates online. Is there a list, or can someone point me in the right direction? Thanks, Josh ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
[ovirt-users] Certificates in a hosted-engine cluster
I asked this question earlier, but I am not sure my email made it to the list. I have a two node cluster, and would like to replace all the self signed certificates with certs from my new enterprise CA. I cannot find a list of all the certificates that need to be replaced. My goal is to replace the CA that ovirt made with the new enterprise CA, bit I do not know all the certificates involved and their locations. Thanks, Josh ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Certificates in a hosted-engine cluster
I've found, http://www.ovirt.org/develop/release-management/features/infra/pki/ It seems to be for versions 3.2 and 3.3, is it still valid? Thanks, Josh On Wed, Sep 28, 2016, 3:24 PM Joshua Doll wrote: > I asked this question earlier, but I am not sure my email made it to the > list. I have a two node cluster, and would like to replace all the self > signed certificates with certs from my new enterprise CA. I cannot find a > list of all the certificates that need to be replaced. My goal is to > replace the CA that ovirt made with the new enterprise CA, bit I do not > know all the certificates involved and their locations. > > Thanks, Josh > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Certificates in a hosted-engine cluster
On Wed, Sep 28, 2016, 3:37 PM Nicolas Ecarnot wrote: > Le 28/09/2016 à 21:35, Joshua Doll a écrit : > > I've found, > > http://www.ovirt.org/develop/release-management/features/infra/pki/ > > > > It seems to be for versions 3.2 and 3.3, is it still valid? > > At least, I followed that for 3.6.x and was very happy with it. > > -- > Nicolas ECARNOT > ___ > Users mailing list > Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users Trying not top post so forgive me if I am or just generally making ugly emails. I'm on my phone, my work has a very strict policy regarding mailing list posting. I am running 4.0.3, but will give this a go using this list. Thanks for the help, Josh > > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Re: [ovirt-users] Replacing Certificates in hosted-engine cluster
If I have two CAs both claiming to be the root CA for a given Domain, essentially both claiming to be the same CA, this won't cause issues with communication between the engine and the two hosts? Does the CA used for communication between the hosts and the engine only exist in some protected trust store that is the only consulted source for this communication? Thanks, Josh On Thu, Sep 29, 2016, 6:53 AM Martin Perina wrote: > Hi, > > by default engine uses its own CA to sign certificates for HTTPS access > and for engine-host communications. You can use your own CA only for HTTS > certification. > So if you are using oVirt 4.0 and you want to start to use custom CA for > HTTPS certificates please take a look at Doc Text in: > > https://bugzilla.redhat.com/show_bug.cgi?id=1336838 > https://bugzilla.redhat.com/show_bug.cgi?id=1313379 > > @Didi, are there any other steps required for hosted engine regarding > custom CA? > > Thanks > > Martin Perina > > > > On Wed, Sep 28, 2016 at 1:07 PM, Joshua Doll > wrote: > >> Hi, I have a two node cluster running a hosted-engine setup. I have stood >> up an enterprise CA and would like to replace the ovirt self signed >> certificates. I can't find a list of all the certificates online. Is there >> a list, or can someone point me in the right direction? >> >> Thanks, Josh >> >> ___ >> Users mailing list >> Users@ovirt.org >> http://lists.ovirt.org/mailman/listinfo/users >> >> > ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users