Skip the PKI renewal process during engine-setup makes RHV host non-responsive

Solution Verified - Updated -

Issue

  • During upgrade of RHVM, running engine-setup, I get this message:

    One or more of the certificates should be renewed, because they expire soon, or include an invalid expiry date, or do not include the subjectAltName extension, which can cause them to be rejected by recent browsers and up to date hosts.
      See https://access.redhat.com/solutions/1572983 for more details.
      Renew certificates? (Yes, No) [No]:
      Are you really sure that you want to skip the PKI renewal process?
      Please notice that recent openssl and gnutls upgrades can lead hosts refusing this CA cert making them unusable.
      If you choose "Yes", setup will continue and you will be asked again the next time you run this Setup. Otherwise, this process will abort and you will be expected to plan a proper upgrade according to https://access.redhat.com/solutions/1572983.
      Skip PKI renewal process? (Yes, No) [No]:

  • What should I select to avoid hosts becoming non-responsive?

Environment

Red Hat Virtualization (RHV) 4.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content