> On May 14, 2017, at 3:35 AM, Yedidyah Bar David <[email protected]> wrote:
> In addition to Yaniv's explanation below, can you explain why it was > bad? That is, what software/process was broken by it? Please note that > this is the CN of the CA's cert, not of the individual certs its signs > (such as the one for the web server for https) - these have the FQDN > you supplied to engine-setup as their CN. You're absolutely right; my apologies for that red herring. I confused myself after too long at the keyboard. >> The 5 random digits are supposed to be OK, and are actually a feature - it >> ensures uniqueness if you re-generate (most likely reinstall your Engine), >> as otherwise some browsers fail miserably if a CA cert mismatches what they >> know. >> >> SAN is being worked on - we are aware of Chrome 58 now requiring it. >> I sincerely hope to see it in 4.1.2 (see https://bugzilla.redhat.com/1449084 >> ). > > Indeed, and see my comment 5 there for how to add SAN to an existing > setup, _after_ you upgrade to 4.1.2 when it's out. Great, that's handy. > See also: > > https://www.ovirt.org/documentation/how-to/networking/changing-engine-hostname/ Thanks for the pointer! That was the missing piece for me; my Google-fu failed to uncover it. I think I have what I need. Thanks again to both of you, -j _______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
