On Fri, Jul 6, 2018 at 9:35 AM, <etienne.charl...@reduspaceservices.eu>
wrote:

> From a user point of view ...
>
> Letsencrypt or another certificate authority ... it should not matter...
>
> Just having one set of files ( cer/key/ca-chain) with a clear name
> referenced from "all config files" would be the easiest...
>

Please realize that the engine CA is _mainly_ used to sign hosts' keys.
We do not want to let the user do this with a 3rd party (well, until we
fix bz 1134219 <https://bugzilla.redhat.com/show_bug.cgi?id=1134219>, see
my other reply). Signing all the other keys is only
done "because we can" :-), to simplify things by default.


>
> Once you get the certs from you provider, you just overwrite the files
> with your own , restart the services and "that's it" ;-)
>

That's the one-line summary of:

https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/
<https://bugzilla.redhat.com/show_bug.cgi?id=1134219>

or at least that's the intention.


>
> Letsencrypt renewing does not have to be handled on ovirt host  (on a
> bastion host where LE is configured,  a simple script can be run to update
> the certs and restart the services...)
>

Indeed.


>
> My 0.02€
> Etienne
> _______________________________________________
> Users mailing list -- users@ovirt.org
> To unsubscribe send an email to users-le...@ovirt.org
> Privacy Statement: https://www.ovirt.org/site/privacy-policy/
> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-
> guidelines/
> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/
> message/QJIAZ25JQYO76OI5T3CAS2E4CKLS2LMU/
>



-- 
Didi
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/site/privacy-policy/
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/M7ZRAVGEZZLFDO6DH2P6C4YDWG6DGZA3/

Reply via email to