Thanks Martin!!! > On 14 Jan 2022, at 11:45, Martin Perina <mper...@redhat.com> wrote: > > Hi, > > host certificates are not saved anywhere in the engine database, you need to > go to the host itself to find out the expiration date. There are 2 options: > > 1. Directly on the host after connecting via SSH you can run below > # openssl x509 -text -noout -in /etc/pki/vdsm/certs/vdsmcert.pem | grep > -A2 Validity > > 2. Remotely using openssl you can run below > # openssl s_client -showcerts -connect <HOST FQDN>:54321 | openssl x509 > -text -noout | grep -A2 Validity > > > ovirt-engine performs certificate checks every day (can be configured using > engine-config option CertificationValidityCheckTimeInHours) and it checks not > only hosts certificates, but also the engine certificate and the engine CA > certificate. This check produces following records in ovirt-engine audit log: > > 1. If the certificate has already expired then below audit log ALERT is > created depending on the type of certificate > - Host ${VdsName} certification has expired at ${ExpirationDate}. Please > renew the host's certification. > - Engine's certification has expired at ${ExpirationDate}. Please renew > the engine's certification. > - Engine's CA certification has expired at ${ExpirationDate}. > > 2. If the certificate is going to expire in less than 7 days, then below > audit log ALERT is created depending on the type of certificate > - Host ${VdsName} certification is about to expire at ${ExpirationDate}. > Please renew the host's certification. > - Engine's certification is about to expire at ${ExpirationDate}. Please > renew the engine's certification. > - Engine's CA certification is about to expire at ${ExpirationDate}. > > 3. If the certificate is going to expire in less than 30 days, then below > audit log WARNING is created depending on the type of certificate > - Host ${VdsName} certification is about to expire at ${ExpirationDate}. > Please renew the host's certification. > - Engine's certification is about to expire at ${ExpirationDate}. Please > renew the engine's certification. > - Engine's CA certification is about to expire at ${ExpirationDate}. >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/GJETF6RUBHZEZWVTX6DZWHXN6BCFDRSQ/