No this doesn't :)
Had to do it multiple times already. The setup just regenerates them, so
its quite easy option.
On 4/23/25 15:21, Pavel Šipoš wrote:
Wouldn't deleting the |.p12| files break the connection to existing
oVirt nodes?
I think the best approach is to export and re-sign the certificates
before creating a backup (on old ovirt-engine).
https://access.redhat.com/solutions/5047531
Best regards,
Pavel
On 22. 4. 25 13:12, Jean-Louis Dupond via Users wrote:
You should be able to just do: rm -f /etc/pki/ovirt-engine/keys/*.p12
And then rerun engine-setup.
On 4/22/25 12:51, KSNull Zero wrote:
Hello!
There are a lot of errors regarding legacy cipher while restoring
engine backup to RL9 during our migration to 4.5.
2025-04-22 08:35:48,773+0300 DEBUG
otopi.plugins.ovirt_engine_setup.ovirt_engine.pki.ca
plugin.execute:923 execute-output: ('/usr/bin/openssl', 'pkcs12',
'-in', '/etc/pki/ovirt-engine/keys/engine.p12', '-passin',
'pass:**FILTERED**', '-nokeys') stderr:
Error outputting keys and certificates
00CE347D1F7F0000:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:355:Global
default library context, Algorithm (RC2-40-CBC : 0), Properties ()
RHEL/RL 9 disables the legacy provider for security reasons.
What is the best way to solve this problem ?
Should i just enable legacy provider in OpenSSL config or re-sign
all certs with new ciper (where can i find more information about
this) ?
Thank you.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/DZ7FUYQZ3ZEEMWDVNIK26NNAHDTZVHOP/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/NIQ463APRAAJ45HV35GYL6IYAXAP5LN6/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/MPD4GEBT7NQH56MJUR3HSUATYMTITUH7/
