On Fri, Jul 6, 2018 at 9:35 AM, <etienne.charl...@reduspaceservices.eu> wrote:
> From a user point of view ... > > Letsencrypt or another certificate authority ... it should not matter... > > Just having one set of files ( cer/key/ca-chain) with a clear name > referenced from "all config files" would be the easiest... > Please realize that the engine CA is _mainly_ used to sign hosts' keys. We do not want to let the user do this with a 3rd party (well, until we fix bz 1134219 <https://bugzilla.redhat.com/show_bug.cgi?id=1134219>, see my other reply). Signing all the other keys is only done "because we can" :-), to simplify things by default. > > Once you get the certs from you provider, you just overwrite the files > with your own , restart the services and "that's it" ;-) > That's the one-line summary of: https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ <https://bugzilla.redhat.com/show_bug.cgi?id=1134219> or at least that's the intention. > > Letsencrypt renewing does not have to be handled on ovirt host (on a > bastion host where LE is configured, a simple script can be run to update > the certs and restart the services...) > Indeed. > > My 0.02€ > Etienne > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/site/privacy-policy/ > oVirt Code of Conduct: https://www.ovirt.org/community/about/community- > guidelines/ > List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/ > message/QJIAZ25JQYO76OI5T3CAS2E4CKLS2LMU/ > -- Didi
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/M7ZRAVGEZZLFDO6DH2P6C4YDWG6DGZA3/