OLVM: "Renew certificates?" asked during engine-setup upgrade
(Doc ID 2881997.1)
Last updated on JULY 07, 2022
Applies to:Linux OS - Version Oracle Linux 7.6 with Unbreakable Enterprise Kernel [4.14.35] and later
An Oracle Linux Virtualization Manager with customized certificate containing UTCTIME, during engine-setup upgrade, below message might be seen:
One or more of the certificates should be renewed, because they expire soon, or include an invalid expiry date, or they were created with validity period longer than 398 days, or do not include the subjectAltName extension, which can cause them to be rejected by recent browsers and up to date hosts.
See https://www.ovirt.org/develop/release-management/features/infra/pki-renew/ for more details.
Renew certificates? (Yes, No) [No]:
Are you really sure that you want to skip the PKI renewal process?
Please notice that recent openssl and gnutls upgrades can lead hosts refusing this CA cert making them unusable.
If you choose "Yes", setup will continue and you will be asked again the next time you run this Setup. Otherwise, this process will abort and you will be expected to plan a proper upgrade according to https://www.ovirt.org/develop/release-management/features/infra/pki-renew/.
Skip PKI renewal process? (Yes, No) [No]:
If choose No to both above, the engine-setup will fail as explained screen message:
Failed to execute stage 'Environment customization': Aborted by user
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document