Thanks Martin!!!

> On 14 Jan 2022, at 11:45, Martin Perina <mper...@redhat.com> wrote:
> 
> Hi,
> 
> host certificates are not saved anywhere in the engine database, you need to 
> go to the host itself to find out the expiration date. There are 2 options: 
> 
> 1. Directly on the host after connecting via SSH you can run below
>     # openssl x509 -text -noout -in /etc/pki/vdsm/certs/vdsmcert.pem | grep -A2 Validity
> 
> 2. Remotely using openssl you can run below
>     # openssl s_client -showcerts -connect <HOST FQDN>:54321 | openssl x509 -text -noout | grep -A2 Validity
> 
> 
> ovirt-engine performs certificate checks every day (can be configured using 
> engine-config option CertificationValidityCheckTimeInHours) and it checks not 
> only host certificates, but also the engine certificate and the engine CA 
> certificate. This check produces the following records in the ovirt-engine audit log:
> 
> 1. If the certificate has already expired then below audit log ALERT is 
> created depending on the type of certificate
>     - Host ${VdsName} certification has expired at ${ExpirationDate}. Please renew the host's certification.
>     - Engine's certification has expired at ${ExpirationDate}. Please renew the engine's certification.
>     - Engine's CA certification has expired at ${ExpirationDate}.
> 
> 2. If the certificate is going to expire in less than 7 days, then below 
> audit log ALERT is created depending on the type of certificate
>     - Host ${VdsName} certification is about to expire at ${ExpirationDate}. Please renew the host's certification.
>     - Engine's certification is about to expire at ${ExpirationDate}. Please renew the engine's certification.
>     - Engine's CA certification is about to expire at ${ExpirationDate}.
> 
> 3. If the certificate is going to expire in less than 30 days, then below 
> audit log WARNING is created depending on the type of certificate
>     - Host ${VdsName} certification is about to expire at ${ExpirationDate}. Please renew the host's certification.
>     - Engine's certification is about to expire at ${ExpirationDate}. Please renew the engine's certification.
>     - Engine's CA certification is about to expire at ${ExpirationDate}.
> 
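
The remote check and the 30-day / 7-day / expired thresholds quoted above, combined into one script. This is an added example, not part of the original message and not oVirt code; the function names and output strings are made up for illustration, and GNU date is assumed for parsing the notAfter value.

```shell
#!/bin/sh
# Added example (not oVirt code). Thresholds follow the quoted message:
# expired -> ALERT, < 7 days -> ALERT, < 30 days -> WARNING.
DAY=86400

# classify_expiry NOT_AFTER_EPOCH NOW_EPOCH
# Prints the severity the daily engine check would be expected to log.
classify_expiry() {
    remaining=$(( $1 - $2 ))
    if [ "$remaining" -le 0 ]; then
        echo "ALERT expired"
    elif [ "$remaining" -lt $(( 7 * DAY )) ]; then
        echo "ALERT about-to-expire"
    elif [ "$remaining" -lt $(( 30 * DAY )) ]; then
        echo "WARNING about-to-expire"
    else
        echo "OK"
    fi
}

# Reads a PEM certificate on stdin and prints its notAfter as a Unix epoch.
# Assumption: GNU date (the -d option) is available.
not_after_epoch() {
    end=$(openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
    [ -n "$end" ] || return 1
    date -u -d "$end" +%s
}

# check_host FQDN: fetch the certificate from port 54321 and classify it.
# </dev/null makes s_client exit after the handshake instead of waiting on stdin.
check_host() {
    epoch=$(openssl s_client -connect "$1:54321" </dev/null 2>/dev/null \
            | not_after_epoch) || {
        echo "$1 UNKNOWN (no certificate retrieved)"
        return 2
    }
    echo "$1 $(classify_expiry "$epoch" "$(date +%s)")"
}

# Runs only when host names are given on the command line.
for host in "$@"; do
    check_host "$host"
done
```

On the host itself, the same classification works with `not_after_epoch < /etc/pki/vdsm/certs/vdsmcert.pem` in place of the s_client call.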

