Closed LiuYanHao789 closed 1 month ago
Thanks for opening your first issue here! Be sure to follow the issue template!
You can try the following steps
感谢大佬!!!国人牛逼,但是我的这个ca.plugin.root.auth.strictness,我发现默认就是false关闭的,没有打开。这个东西在生产环境会有啥影响吗?
@LiuYanHao789 I don't understand your last comment. By re-provisioning certificate on all hosts and turning auth strictness to true is enough to secure your production env. See if you can upgrade to the most recent 4.18 release and have ca.framework.cert.automatic.renewal
set to true, or increase ca.framework.cert.validity.period
to a high value.
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
OS / ENVIRONMENT
Centos 7.9
SUMMARY
When starting the
libvirtd
service, I encountered the error: "The server certificate /etc/pki/libvirt/servercert.pem has expired." The certificate in question originates from/etc/cloudstack/agent/cloud.crt
, which is valid for one year. What should I do when the certificate expires? Should I create a self-signed certificate to replace it? If I do, will there be any impact due to context or dependencies? Or is there another solution?STEPS TO REPRODUCE
I can see that it's a symbolic link, with the source path being /etc/cloudstack/agent/cloud.crt. I checked the certificate's validity period using the command:
EXPECTED RESULTS
I can see that it's a symbolic link, with the source path being /etc/cloudstack/agent/cloud.crt. I checked the certificate's validity period using the command:
It turns out the certificate has expired, which caused the error when I tried to restart the libvirtd service today. Should I create a self-signed certificate to replace it? If I do, will there be any impact due to context or dependencies? Or is there another solution?
ACTUAL RESULTS