Sandro, the main is - "admin enroll new cert, but engine spam to log that cert will be expire"
Check host cert via Martin snippet, the cert is deployed at Jan 10 2022 [root@control1 ovirt-engine]# openssl s_client -showcerts -connect 192.168.101.16:54321 | openssl x509 -text -noout | grep -A2 Validity Can't use SSL_get_servername depth=1 C = US, O = opentech.local, CN = control1.opentech.local.54279 verify error:num=19:self signed certificate in certificate chain verify return:1 depth=1 C = US, O = opentech.local, CN = control1.opentech.local.54279 verify return:1 depth=0 O = opentech.local, CN = 192.168.101.16 verify return:1 140358921414464:error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert certificate required:ssl/record/rec_layer_s3.c:1543:SSL alert number 116 Validity Not Before: Jan 10 16:57:10 2022 GMT Not After : Feb 13 16:57:10 2023 GMT But engine "don't see this changes" at 12 Jan, 13 Jan [root@control1 ovirt-engine]# gunzip -c *\.gz | ack 'certification is about to expire' | grep ovirt-host6 | awk '{print $1 " " $2 " " $10}' 2022-01-11 20:57:33,890+07 ovirt-host6.opentech.local 2022-01-12 20:57:33,925+07 ovirt-host6.opentech.local 2022-01-13 20:57:33,958+07 ovirt-host6.opentech.local Yesterday I was restarted ovirt-engine, now this alerts are gone The certificate enrolling routine should be documented Thanks, k > On 14 Jan 2022, at 11:48, Sandro Bonazzola <sbona...@redhat.com> wrote: > > Martin, is this something which can fit in oVirt administration documentation? > Konstantin, what's the purpose of getting the certificate's dates?
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/TWKYIZK3VHKHZKAVG4PL7KVGHNV47AHN/