How to check if we have configured Network Encryption on RHHI-V or Red Hat Gluster Storage - What is self-signed encryption?

Solution Verified - Updated -

Issue

RHHI-V Host Replacement is described at
RHHI-V 1.6 Maintaining Red Hat Hyperconverged Infrastructure for Virtualization - Chapter 13. Replacing hosts

13.1 states: “When self-signed encryption is enabled, replacing a node is a disruptive process that requires virtual machines and the Hosted Engine to be shut down.”

Q1. What does this “self-signed encryption” refers to?
Q2. How do we know whether it is enabled or not?
Q3. Why it is this a disruptive process when self-signed encryption is enabled?

Note. When certificates expire (usually after 1 year) you need to follow the exact same process of creating certificates and the concatenated CA file.
If something is wrong , you may get an error like:

SSL connect error (client : IP_client:1021) (server: IP_server:24007)
routines:ssl3_read_bytes:tlsv1 alert unknown ca 

Environment

  • RHHI-V 1.6 (this may apply to previous versions too)
  • RHGS 3.5 (this may apply to previous versions too)
  • OCS 3.11.X

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content