On Mon, Jun 6, 2022 at 2:54 PM Maton, Brett <mat...@ltresources.co.uk>

> Opened a bug report:  2093954 – Engine certificate alert, no option to
> update offered by engine-setup (redhat.com)
> <https://bugzilla.redhat.com/show_bug.cgi?id=2093954>
A the beginning of last week I had to apply a certificate renewal on a RHV
4.4.7 environment.
It is the commercial product but I think pretty similar in behaviour to the
corresponding oVirt release. The engine certificate would have expired on
17th of August, so in between 2 and 3 months later.

The command "engine-setup --offline" automatically proposed to renew them.
It gave:
          --== PKI CONFIGURATION ==--

          One or more of the certificates should be renewed, because they
expire soon, or include an invalid expiry date, or they were created with
validity period longer than 398 days, or do not include the subjectAltName
extension, which can cause them to be rejected by recent browsers and up to
date hosts.
          See https://access.redhat.com/solutions/1572983 for more details.
          Renew certificates? (Yes, No) [No]: Yes
and then going ahead:

. . .
[ INFO  ] Upgrading CA
[ INFO  ] Renewing engine certificate
[ INFO  ] Renewing jboss certificate
[ INFO  ] Renewing websocket-proxy certificate
[ INFO  ] Renewing apache certificate
[ INFO  ] Renewing reports certificate
[ INFO  ] Updating OVN SSL configuration
[ INFO  ] Updating OVN timeout configuration
. . .
[ INFO  ] Restarting httpd
          Web access is enabled at:
. . .
          --== END OF SUMMARY ==--

But I don't know the exact number of days under which to get the prompt and
if this number is in any way configurable...
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
List Archives: 

Reply via email to