Sandro, the main is - "admin enroll new cert, but engine spam to log that cert
will be expire"
Check host cert via Martin snippet, the cert is deployed at Jan 10 2022
[root@control1 ovirt-engine]# openssl s_client -showcerts -connect
192.168.101.16:54321 | openssl x509 -text -noout | grep -A2 Validity
Can't use SSL_get_servername
depth=1 C = US, O = opentech.local, CN = control1.opentech.local.54279
verify error:num=19:self signed certificate in certificate chain
verify return:1
depth=1 C = US, O = opentech.local, CN = control1.opentech.local.54279
verify return:1
depth=0 O = opentech.local, CN = 192.168.101.16
verify return:1
140358921414464:error:1409445C:SSL routines:ssl3_read_bytes:tlsv13 alert
certificate required:ssl/record/rec_layer_s3.c:1543:SSL alert number 116
Validity
Not Before: Jan 10 16:57:10 2022 GMT
Not After : Feb 13 16:57:10 2023 GMT
But engine "don't see this changes" at 12 Jan, 13 Jan
[root@control1 ovirt-engine]# gunzip -c *\.gz | ack 'certification is about to
expire' | grep ovirt-host6 | awk '{print $1 " " $2 " " $10}'
2022-01-11 20:57:33,890+07 ovirt-host6.opentech.local
2022-01-12 20:57:33,925+07 ovirt-host6.opentech.local
2022-01-13 20:57:33,958+07 ovirt-host6.opentech.local
Yesterday I was restarted ovirt-engine, now this alerts are gone
The certificate enrolling routine should be documented
Thanks,
k
> On 14 Jan 2022, at 11:48, Sandro Bonazzola <sbona...@redhat.com> wrote:
>
> Martin, is this something which can fit in oVirt administration documentation?
> Konstantin, what's the purpose of getting the certificate's dates?
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/TWKYIZK3VHKHZKAVG4PL7KVGHNV47AHN/
