I setup an hyperconverged solution with 3 nodes, hosted engine on glusterfs.
We run this setup in a PCI-DSS environment. According to PCI-DSS
requirements, we are required to reduce the validity of any certificate
under 39 months.

I saw in this link
https://www.ovirt.org/develop/release-management/features/infra/pki/ that i
can use the option VdsCertificateValidityInYears at engine-config.

I'm running ovirt engine 4.2.1 and i checked when i was on 4.2 how to edit
the option with engine-config --all and engine-config --list but the option
is not listed

Am i missing something ?

I thing i can regenerate a VDSM certificate with openssl and the CA conf in
/etc/pki/ovirt-engine on the hosted-engine but i would rather modifiy the
option for future host that I will add.

Users mailing list

Reply via email to