My Oracle Support Banner

OLVM: How to Renew SSL Certificates that are Expired or Nearing Expiration (Doc ID 3006292.1)

Last updated on SEPTEMBER 29, 2024

Applies to:

Linux OS - Version Oracle Linux 7.6 with Unbreakable Enterprise Kernel [4.14.35] and later
Linux x86-64
OLVM 4.3, 4.4 and 4.5









Goal

The purpose of this document is to list the procedures to renew SSL certificates related to OLVM Engine and KVM hosts.

It has four sections as outlined below.

  1. Renewal of SSL certificates that are nearing expiration
  2. Renewal of SSL certificates that are already expired
  3. Renewal of SSL certificates when hosted engine VM is not accessible
  4. FAQs

 

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Goal
Solution
 1. Renewal of SSL certificates that are nearing expiration:
 Renew OLVM Engine certificates (nearing expiration):
 Renew KVM host certificates (nearing expiration):
 2. Renewal of SSL certificates that are already expired:
 Renew OLVM Engine certificates (expired):
 Renew KVM host certificates (expired):
 3. Renewal of SSL certificates when hosted engine VM is not accessible:
 4. FAQs
 Cert validity (Engine and KVM host) and warning/alert intervals:
 What is the best practice for certificate renewal ?
 Will the engine certificates automatically renew when nearing expiration ?
 What are the features affected when Engine side certificates expire?
 Will the KVM host certificates automatically renew when nearing expiration ?
 Is it possible to manually renew KVM host's certificates that are nearing expiration without downtime ?
 What are the features affected when KVM host's certificates expire?
 Is it mandatory to Enroll KVM host's certificates through UI even after a successful regeneration of them manually ?
 Will the cert validity automatically extend from 398D to 5Y after an upgrade from 4.4 to 4.5 ?
 How to renew Engine side certificates if there are only few of them listed as nearing expiration or expired? For example, apache.cer has a validity of 398D compared to 5Y validity for other certificates.
 Is there a procedure to verify the expiry of all the OLVM certificates ?
References

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.