foreman certs about to expire

General

Additional Info

General

Additional Info

Description

The oVirt Foreman was deployed on 05.05.2013 and soon most of the certs issued at that time will expire.

Here's a message shown on one of the older systems under its management:
Warning: Certificate 'Puppet CA: foreman.ovirt.org' will expire on 2018-05-05T19:41:35GMT
Warning: Certificate 'foreman.ovirt.org' will expire on 2018-07-02T13:50:12GMT
Warning: Certificate 'monitoring.ovirt.org' will expire on 2018-05-28T15:32:20GMT

So the CA certificate is expiring this week, the puppetmaster one - in two months and some client certs - even sooner than that.

A possible fix is to generate new CA and puppetmaster certificates using original CSRs, then delete /var/lib/puppet/ssl/certs/ca.pem on clients and most of them should keep working since their own certs will still be signed using the same keys.

Linked issues

relates to

OVIRT-2250

update foreman certificate

Activity

Show:

Former user May 4, 2018 at 1:23 PM

CA certificate replaced using this nice article as a guide. Will clean cache on mamanged systems now and will then deal with system certs, most important being:

foreman cert
foreman PHX smart proxy
puppetdb cert
older puppet-managed systems like monitoring, etc

Fixed

Details
Assignee
Former user(Deactivated)
Reporter
Former user(Deactivated)
Priority
High

Created May 3, 2018 at 8:33 PM

Updated September 2, 2018 at 3:50 PM

Resolved June 5, 2018 at 12:10 PM

foreman certs about to expire

Description

Linked issues

relates to

Activity

Former user May 4, 2018 at 1:23 PM

DetailsAssigneeFormer userFormer user(Deactivated)ReporterFormer userFormer user(Deactivated)PriorityHigh

Details

Assignee

Reporter

Priority

Details
Assignee
Former user(Deactivated)
Reporter
Former user(Deactivated)
Priority
High