<div style="line-height:1.7;color:#000000;font-size:14px;font-family:Arial"><div class="bz_comment_text
bz_wrap_comment_text">hello, everyone<br></div><div class="bz_comment_text
bz_wrap_comment_text"> I'm a newbie in ovirt and ssl, and I see follows in Redhat Bugzilla:</div><div class="bz_comment_text
bz_wrap_comment_text">============================================================<br></div><div class="bz_comment_text
bz_wrap_comment_text">1. Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine. This certificate should be in the host, inside the file /etc/pki/vdsm/certs/vdsmcert.pem. <br></div><div class="bz_comment_text
bz_wrap_comment_text">2. Once you have the VDSM certificate in the engine machine verify that it has been signed by the certificate authority of the engine:
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem vdsmcert.pem
vdsmcert.pem: OK
As in the example above the result should be "OK", if you get any other thing then there is a problem. <br></div><div class="bz_comment_text
bz_wrap_comment_text">3. Check that the CA certificate used by both RHEV-H and RHEV-M is the same. In RHEV-H it is inside /etc/pki/vdsm/certs/cacert.pem, in RHEV-M it is inside /etc/pki/ovirt-engine/ca.pem. <br></div><div class="bz_comment_text
bz_wrap_comment_text">===========================================================<br></div><div class="bz_comment_text
bz_wrap_comment_text"> then I have some questions:</div><div class="bz_comment_text
bz_wrap_comment_text"> 1.how did the vdsmcert.pem generated?</div><div class="bz_comment_text
bz_wrap_comment_text"> 2.i saw vdsmcert.pem in vdsm as the same as certs/106F.pem in engine, but vdsmcert.pem's size is 4k, and 106F.pem's size is 8k,why's this?</div><div class="bz_comment_text
bz_wrap_comment_text"> 3.cacert.pem : 1000.pem is the same as vdsmcert.pem : 106F.pem, so as first " Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine" <br></div><div class="bz_comment_text
bz_wrap_comment_text">may be not right, there's size is different?</div><div class="bz_comment_text
bz_wrap_comment_text"> 4.As i know these files in engine is used: engine.p12, .truststore; and these in vdsm is used: vdsmkey.pem, vdsmcert.pem, cacert.pem, how did these works?</div><div class="bz_comment_text
bz_wrap_comment_text"><br></div><div class="bz_comment_text
bz_wrap_comment_text">Thanks in Advance<br></div></div><br><br><span title="neteasefooter"><p> </p></span>