Feature pages are design documents that developers have created while collaborating on oVirt.

Most of them are outdated, but provide historical design context.

They are not user documentation and should not be treated as such.

Documentation is available here.

PKI Renew

For a general overview of PKI in oVirt, see Features/PKI.

This page documents optional changes that can be made to the PKI during an upgrade.

Expiry and RFC2459 compatibility

Since 3.5.4, engine-setup checks whether certificates are close to or past expiry and whether they are compatible with RFC 2459, and if needed, prompts the user to renew the PKI.

If the reply is ‘No’, engine-setup does not renew the PKI. On a later run (e.g. the next upgrade), it checks and prompts again.

See also: 3.5.4 Release Notes


Recent browsers (as of 2017) require the subjectAltName extension in HTTPS certificates.

Since 4.1.2, engine-setup on clean setups creates certificates that contain this extension.

See also: BZ 1449084

Since 4.1.4, engine-setup checks on upgrades whether the subjectAltName extension exists, and if it is missing, prompts the user, suggesting a PKI renewal.

See also: BZ 1450293
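
The expiry and subjectAltName conditions described above can be checked by hand with the `openssl` CLI. The script below is an added example, not engine-setup's own code: the function names, the 365-day "close to expiry" window and the sample certificates are assumptions. It does not cover the RFC 2459 compatibility check, because this page does not say what that check inspects.

```shell
#!/bin/sh
# Added example: reports the renewal reasons this page names for one PEM
# certificate. Not engine-setup's own code.

# renew_reasons CERT [DAYS] -> prints zero or more of:
#   unreadable, expired, expiring, no-subjectAltName
# DAYS (default 365) is an assumed "close to expiry" window.
renew_reasons() {
    cert=$1
    days=${2:-365}
    reasons=""
    if ! text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null); then
        echo unreadable
        return 0
    fi
    # -checkend N exits non-zero when notAfter falls within the next N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        reasons="expired"
    elif ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null; then
        reasons="expiring"
    fi
    # Browsers match the host name against this extension, not the subject CN.
    if ! printf '%s\n' "$text" | grep -q 'X509v3 Subject Alternative Name'; then
        reasons="${reasons:+$reasons }no-subjectAltName"
    fi
    echo "$reasons"
}

# Constructed sample input: a throwaway self-signed certificate.
# make_sample_cert OUT DAYS [SAN]   (-addext needs OpenSSL 1.1.1 or later)
make_sample_cert() {
    out=$1
    valid_days=$2
    san=$3
    set -- -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
        -subj "/CN=engine.example.test" -days "$valid_days"
    [ -n "$san" ] && set -- "$@" -addext "subjectAltName=$san"
    openssl req "$@" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/no-san.pem" 30
make_sample_cert "$demo_dir/current.pem" 730 "DNS:engine.example.test"
echo "no-san:  $(renew_reasons "$demo_dir/no-san.pem")"
echo "current: $(renew_reasons "$demo_dir/current.pem")"
```

An empty result means neither condition applies to that certificate.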