OLVM: "Renew certificates?" asked during engine-setup upgrade (Doc ID 2881997.1)

Last updated on DECEMBER 12, 2023

Applies to:

Goal

An Oracle Linux Virtualization Manager with customized certificate containing UTCTIME, during engine-setup upgrade, below message might be seen:
One or more of the certificates should be renewed, because they expire soon, or include an invalid expiry date, or they were created with validity period longer than 398 days, or do not include the subjectAltName extension, which can cause them to be rejected by recent browsers and up to date hosts.
See https://www.ovirt.org/develop/release-management/features/infra/pki-renew/ for more details.
Renew certificates? (Yes, No) [No]:
Are you really sure that you want to skip the PKI renewal process?
Please notice that recent openssl and gnutls upgrades can lead hosts refusing this CA cert making them unusable.
If you choose "Yes", setup will continue and you will be asked again the next time you run this Setup. Otherwise, this process will abort and you will be expected to plan a proper upgrade according to https://www.ovirt.org/develop/release-management/features/infra/pki-renew/.
Skip PKI renewal process? (Yes, No) [No]:

If choose No to both above, the engine-setup will fail as explained screen message:
Failed to execute stage 'Environment customization': Aborted by user

Solution

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.