On Fri, Dec 16, 2022 at 1:06 PM Vinz Vinz <v...@itiviti.com> wrote:
> Hi David,
> thx for your answer.
> I have tried this non official documentation because it was the clearest and 
> more straight forward I've found.
> indeed it's not perfect in terme of security, but having to renew each year 
> so many different certificate across multiple cluster is really not 
> convenient. The first time we had a certificate expiration we were not ready 
> and long story short it brought us a production issue...
> indeed this doc doesn't mention vdsm, but the current start date of our vdsm 
> certificate is matching with the date where we applied this doc, so I was 
> quite suprised too, but it's definitively not related. Anyway we have a lot 
> of vdsm cert that will expire next year, and we should be ready. (ovirt 
> 4.4.10)
> I did a recent install of ovirt 4.5, and vdsm cert are valid for 5 years, 
> which is really better.
> with our 4.4.10 clusters, if we "enrol cert", it will again be for one year? 
> I guess the only way to have a bigger period would be to update our cluster 
> to 4.5?

I think you can also change the default cert lifetime with
engine-config, item VdsCertificateValidityInDays. Didn't test this
myself. If it works, it should affect new certificates, not existing

Best regards,
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
List Archives: 

Reply via email to