On Sun, Feb 11, 2018 at 11:41 PM, ~Stack~ <i.am.st...@gmail.com> wrote: > On 02/11/2018 02:41 AM, Yedidyah Bar David wrote: >> On Sun, Feb 11, 2018 at 10:26 AM, Yaniv Kaul <yk...@redhat.com> wrote: >>> >>> >>> On Sun, Feb 11, 2018 at 2:43 AM, ~Stack~ <i.am.st...@gmail.com> wrote: > > [snip] > >>>> We decided to just start from scratch and my coworker watched and >>>> confirmed every step. It works! No problems at all this time. Further >>>> evidence that I goofed _something_ up the first time. >>> >>> >>> We should really have an Ansible role that performs the conversion to >>> self-signed certificates. >>> That would make the conversion easier and safer. >> >> +1 >> >> Not sure "self-signed" is the correct term here. Also the internal >> engine CA's cert is self-signed. >> >> I guess you refer to this: >> >> https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ >> >> I'd call it "configure-3rd-party-CA" or something like that. > > Greetings, > > Another +1 from me (obviously! :-). > > I also agree in that we are not doing a self-signed cert, but rather > we've purchased a cert from one of the big-name-CA-vendors that is valid > for our domain. "configure-3rd-party-CA" makes more sense to me.
Nit: This big-name-CA-vendors CA's cert is most likely also self-signed, so it's not a mistake to call it "self-signed". The difference between "self-signed by _me_" and "self-signed by big-name" is mainly a matter of trust and business relations (between that big-name and you, big-name and the OS/browser vendors, etc.) and not a technical one. If you loan a friend $100 for a month, the difference between you and a big bank is very similar to that above difference... > > Lastly, that is the link that I used for a guide. > > Thanks! > ~Stack~ > > > -- Didi _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users