Bug 1660441
| Summary: | rename breaks apache cert | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [oVirt] ovirt-engine | Reporter: | Yedidyah Bar David <didi> | ||||
| Component: | Tools.Rename | Assignee: | Yedidyah Bar David <didi> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Lucie Leistnerova <lleistne> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 4.2.3 | CC: | bugs, sborella | ||||
| Target Milestone: | ovirt-4.3.0 | Flags: | rule-engine:
ovirt-4.3+
rule-engine: exception+ |
||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: |
This release ensures Red Hat Virtualization Manager defines the attribute subjectAlternativeName correctly during the renaming of the httpd certificate to prevent browser warnings or a certificate rejection.
|
Story Points: | --- | ||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2019-02-13 07:43:05 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
ovirt-engine-rename updated engine certificate and so engine-setup doesn't have any problem with it. (I had to fix the script that it would not fail according to BZ 1672251) verified in ovirt-engine-4.3.0-0.8.rc2.el7.noarch This bugzilla is included in oVirt 4.3.0 release, published on February 4th 2019. Since the problem described in this bug report should be resolved in oVirt 4.3.0 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report. |
Created attachment 1515307 [details] ovirt-engine-setup-20181218111341-64oa3z.log Description of problem: After ovirt-engine-rename, engine-setup says: One or more of the certificates should be renewed, because they expire soon, or include an invalid expiry date, or do not include the subjectAltName extension, which can cause them to be rejected by recent browsers and up to date hosts. Version-Release number of selected component (if applicable): How reproducible: not sure, I think 100% Steps to Reproduce: not sure, probably: 1. setup 2. rename 3. setup Actual results: last one prompts as above Expected results: rename writes certs just as setup expects them to be Additional info: