Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

OLVM nodes - what certs do i need to monitor expiry dates (confused about ca certs.) ?

morgan coxOct 3 2023

Hi.

I am aware of the following certs

"/etc/pki/vdsm/certs/vdsmcert.pem"
"/etc/pki/vdsm/libvirt-spice/server-cert.pem"
"/etc/pki/vdsm/libvirt-vnc/server-cert.pem"
"/etc/pki/libvirt/clientcert.pem"
"/etc/pki/vdsm/libvirt-migrate/server-cert.pem"

And are monitoring them to avoid certs being expired.

We have a 3rd party cert/ca - do I also need to monitor the following

"/etc/pki/ovirt-vmconsole/ca.pub"
"/etc/pki/vdsm/certs/cacert.pem"
"/etc/pki/vdsm/libvirt-migrate/ca-cert.pem"
"/etc/pki/vdsm/libvirt-spice/ca-cert.pem"
"/etc/pki/vdsm/libvirt-vnc/ca-cert.pem"
"/etc/pki/CA/cacert.pem"

If the CA is updated on the engine do the above ca certs get updated with an update or
re-enroll ?

Thanks

Added on Oct 3 2023

#certs, #linux, #olvm, #oracle-linux-kvm-and-oracle-linux-virtualization-manager, #vdsm

0 comments

492 views