On Thu, Sep 29, 2016 at 1:09 PM, Joshua Doll <[email protected]> wrote:
> If I have two CAs both claiming to be the root CA for a given Domain, > essentially both claiming to be the same CA, this won't cause issues with > communication between the engine and the two hosts? Does the CA used for > communication between the hosts and the engine only exist in some protected > trust store that is the only consulted source for this communication? > No, if you want to use custom CA for HTTPS, it will not change anyhting on internal CA used for engine-hosts communications. Custom CA can be used only for HTTPS certificates and when custom CA is configured properly we use different truststore for HTTPS than for engine-host communication. > Thanks, Josh > > On Thu, Sep 29, 2016, 6:53 AM Martin Perina <[email protected]> wrote: > >> Hi, >> >> by default engine uses its own CA to sign certificates for HTTPS access >> and for engine-host communications. You can use your own CA only for HTTS >> certification. >> So if you are using oVirt 4.0 and you want to start to use custom CA for >> HTTPS certificates please take a look at Doc Text in: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=1336838 >> https://bugzilla.redhat.com/show_bug.cgi?id=1313379 >> >> @Didi, are there any other steps required for hosted engine regarding >> custom CA? >> >> Thanks >> >> Martin Perina >> >> >> >> On Wed, Sep 28, 2016 at 1:07 PM, Joshua Doll <[email protected]> >> wrote: >> >>> Hi, I have a two node cluster running a hosted-engine setup. I have >>> stood up an enterprise CA and would like to replace the ovirt self signed >>> certificates. I can't find a list of all the certificates online. Is there >>> a list, or can someone point me in the right direction? >>> >>> Thanks, Josh >>> >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://lists.ovirt.org/mailman/listinfo/users >>> >>> >>
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
