My Oracle Support Banner

OLVM: How to renew OLVM Hosts Certificate in OLVM Environment/Infrastructure (Doc ID 2885203.1)

Last updated on OCTOBER 16, 2023

Applies to:

Linux OS - Version Oracle Linux 7.9 with Unbreakable Enterprise Kernel [5.4.17] and later
Linux x86-64


To guide the user on how to renew Certificates in OLVM Environment/Infrastructure.

  • For third-party CA Certificate replacement, please follow this KM Document (Doc ID 2885170.1)
  • Do not let Certificates expire. If they expire, the KVM hosts and the OLVM Engine host will stop responding, and recovery is an error-prone and time-consuming process.
  • By default, OLVM 4.3.x/4.4.x Engine host Certificate follow 10 years lifetime, while in OLVM 4.3.x the KVM hosts follow the 5 years lifetime and in OLVM 4.4.x the KVM hosts follow the 398 days lifetime and must be renewed before it expires. See the sample output below:
  • For Best Practices, whenever there is an internal CA Root Certificates Update/Renewal on the OLVM's Apache Component, it is recommended to renew the Certificates of the OLVM Engine host and the KVM hosts even though the defaults lasts 10 years for the OLVM 4.3.x/4.4.x Engine host, 5 years for the OLVM 4.3.x KVM hosts and 398 days for the OLVM 4.4.x KVM hosts, respectively. This to avoid 'Out of Sync' issues.

OLVM 4.3.x


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.