On Thu, Jul 5, 2018 at 5:20 PM, Nir Soffer <[email protected]> wrote:
> On Thu, Jul 5, 2018 at 4:55 PM <[email protected]> > wrote: > >> Thanks a lot for your support! >> >> A reinstalled a fresh ovirt-engine and managed to import the certificate. >> >> A managed to upload an image even with the self signed certificates >> configured. >> >> I think a "simple" way to allow letsencrypt certificates to be used for >> "external access" web UI, API..; could be useful >> > > I agree. > > Didi, can we integrate with letsencrypt to have engine/imageio certificates > respected by browsers without additional configuration? > I never looked specifically at this. We do have these open bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1336873 https://bugzilla.redhat.com/show_bug.cgi?id=1134219 If we want to specifically handle LE, please open a bug. Not sure we should. > The need to import the CA into your browser is to upload images is a big > user > experience issue. We see users failing to do it again and again. > I guess we have here two different issues: 1. By default, we (by default) generate a different key/cert pair for imageio, rather than use the one for httpd. So a user accepting the cert for httpd still fails to use the cert for imageio, until it's accepted as well. Perhaps we should use by default the same pair? No idea why we decided to use a separate pair. Please open an RFE to use the same pair as httpd. 2. The procedure to use a 3rd-party CA does not mention imageio. That's already discussed earlier in this thread. Best regards, -- Didi
_______________________________________________ Users mailing list -- [email protected] To unsubscribe send an email to [email protected] Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/[email protected]/message/XZ4IO3FP2NFCKAQG5D4EMFZLQGHGHCDP/
