Hi Gianluca, My issue is I'm getting the alert, but 'engine-setup --offline' is not offering to update the certificates. At the moment I'm hoping it's simply that engine is reporting that certificates need to be renewed before engine-setup is configured to offer the option to upgrade.
Cheers, Brett On Mon, 6 Jun 2022 at 14:05, Gianluca Cecchi <gianluca.cec...@gmail.com> wrote: > On Mon, Jun 6, 2022 at 2:54 PM Maton, Brett <mat...@ltresources.co.uk> > wrote: > >> Opened a bug report: 2093954 – Engine certificate alert, no option to >> update offered by engine-setup (redhat.com) >> <https://bugzilla.redhat.com/show_bug.cgi?id=2093954> >> >> > A the beginning of last week I had to apply a certificate renewal on a RHV > 4.4.7 environment. > It is the commercial product but I think pretty similar in behaviour to > the corresponding oVirt release. The engine certificate would have expired > on 17th of August, so in between 2 and 3 months later. > > The command "engine-setup --offline" automatically proposed to renew them. > It gave: > " > --== PKI CONFIGURATION ==-- > > One or more of the certificates should be renewed, because they > expire soon, or include an invalid expiry date, or they were created with > validity period longer than 398 days, or do not include the subjectAltName > extension, which can cause them to be rejected by recent browsers and up to > date hosts. > See https://access.redhat.com/solutions/1572983 for more > details. > Renew certificates? (Yes, No) [No]: Yes > " > and then going ahead: > > " > . . . > [ INFO ] Upgrading CA > [ INFO ] Renewing engine certificate > [ INFO ] Renewing jboss certificate > [ INFO ] Renewing websocket-proxy certificate > [ INFO ] Renewing apache certificate > [ INFO ] Renewing reports certificate > [ INFO ] Updating OVN SSL configuration > [ INFO ] Updating OVN timeout configuration > . . . > [ INFO ] Restarting httpd > Web access is enabled at: > http://my_engine:80/ovirt-engine > https://my_egine:443/ovirt-engine > . . . > --== END OF SUMMARY ==-- > " > > But I don't know the exact number of days under which to get the prompt > and if this number is in any way configurable... > Gianluca >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/3RZ6K22L3M72MTR7RLFEKNKSUETKD2DC/
