My Oracle Support Banner

OLVM: "Renew certificates?" asked during engine-setup upgrade (Doc ID 2881997.1)

Last updated on DECEMBER 12, 2023

Applies to:

Linux OS - Version Oracle Linux 7.6 with Unbreakable Enterprise Kernel [4.14.35] and later
Linux x86-64


An Oracle Linux Virtualization Manager with customized certificate containing UTCTIME, during engine-setup upgrade, below message might be seen:
One or more of the certificates should be renewed, because they expire soon, or include an invalid expiry date, or they were created with validity period longer than 398 days, or do not include the subjectAltName extension, which can cause them to be rejected by recent browsers and up to date hosts.
See for more details.
Renew certificates? (Yes, No) [No]:
Are you really sure that you want to skip the PKI renewal process?
Please notice that recent openssl and gnutls upgrades can lead hosts refusing this CA cert making them unusable.
If you choose "Yes", setup will continue and you will be asked again the next time you run this Setup. Otherwise, this process will abort and you will be expected to plan a proper upgrade according to
Skip PKI renewal process? (Yes, No) [No]:

If choose No to both above, the engine-setup will fail as explained screen message:
Failed to execute stage 'Environment customization': Aborted by user


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.