[ovirt-users] Re: about the expiration time of the oVirt certs
I was thinking the same.Would you open a feature request to bugzilla.redhat.com ? I know that certmonger can renew automatically all certs via an external CA, so that would be a great feature. Best Regards,Strahil Nikolov On Fri, Oct 1, 2021 at 7:41, tommy sway wrote: ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RQZP2LZYZ74SXYN75JWV4WKLEYDTM6U7/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/S7JIJVSNGP5D3YQZ3M23SF2AWOIKCGAY/
[ovirt-users] Re: about the expiration time of the oVirt certs
Thanks for your recommendation! I think Ovirt should integrate tools with similar functions into the management portal. This is important for long-term user stability. On 09/30/2021 23:38, Strahil Nikolov via Users wrote: I think you are looking for certmonger, but it will require some manual steps: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/certmongerx Best Regards, Strahil Nikolov On Thu, Sep 30, 2021 at 10:17, Tommy Sway wrote: As you know, there are many kinds of certificates in Ovirt, used for communication, authentication and so on. However, in practice, there is a security risk related to the above certificates. That is, you need to generate a new certificate after the certificate expires. Otherwise, a problem will occur. In addition, different certificates expire at different times, which brings a lot of management trouble to users. Especially in the production system, a huge virtualization cluster may run thousands of VMS. If a cluster certificate has a problem, the impact is very serious. So I felt there was an urgent need for a technical tool that could help users quickly locate certificates, identify their expiration dates, and rebuild them. Even if there is no tool, there should be a way to solve the problems caused by partial certificate expiration. I think it should include the following points: First, how to list the certificate in detail Second, how to check the certificate expiration time Third, how to rebuild the certificate Does anyone else have this kind of confusion? What's a good solution? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6L44YAYXK7Q5NUNZSDR4AU/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/RQZP2LZYZ74SXYN75JWV4WKLEYDTM6U7/
[ovirt-users] Re: about the expiration time of the oVirt certs
I think you are looking for certmonger, but it will require some manual steps: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/certmongerx Best Regards,Strahil Nikolov On Thu, Sep 30, 2021 at 10:17, Tommy Sway wrote: As you know, there are many kinds of certificates in Ovirt, used for communication, authentication and so on. However, in practice, there is a security risk related to the above certificates. That is, you need to generate a new certificate after the certificate expires. Otherwise, a problem will occur. In addition, different certificates expire at different times, which brings a lot of management trouble to users. Especially in the production system, a huge virtualization cluster may run thousands of VMS. If a cluster certificate has a problem, the impact is very serious. So I felt there was an urgent need for a technical tool that could help users quickly locate certificates, identify their expiration dates, and rebuild them. Even if there is no tool, there should be a way to solve the problems caused by partial certificate expiration. I think it should include the following points: First, how to list the certificate in detail Second, how to check the certificate expiration time Third, how to rebuild the certificate Does anyone else have this kind of confusion? What's a good solution? Thanks. ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3WFDWAZ2ZE6L44YAYXK7Q5NUNZSDR4AU/ ___ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/6UKQQE7QYIRCEEDAPJ4MQ4CUY7UK2XOX/