Comment #1 on issue 1173 by [email protected]: gnt-instance move > socat:
E certificate is valid but its commonName does not match hostname
https://code.google.com/p/ganeti/issues/detail?id=1173
Thanks for reporting this.
Currently, there doesn't appear to be any way within Ganeti of generating a
self-signed cert with the cluster's name. The offending code is in
lib/utils/x509.py
def GenerateSelfSignedSslCert(filename, serial_no,
common_name=constants.X509_CERT_CN,
validity=constants.X509_CERT_DEFAULT_VALIDITY,
uid=-1, gid=-1):
# TODO: Investigate using the cluster name instead of X505_CERT_CN for
# common_name, as cluster-renames are very seldom, and it'd be nice if
RAPI
# and node daemon certificates have the proper Subject/Issuer.
(key_pem, cert_pem) = GenerateSelfSignedX509Cert(
common_name, validity * 24 * 60 * 60, serial_no)
utils_io.WriteFile(filename, mode=0440, data=key_pem + cert_pem,
uid=uid, gid=gid)
return (key_pem, cert_pem)
This is somewhat related to issue #807 (the key size and signature methods
aren't configurable) is somewhat related to this.
However in addition we would need to make sure to force server.pem to be
regenerated if the cluster is renamed.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
