how did ovirt's ssl work?


Hi,

you can find descriptions and file locations of oVirt PKI infrastructure at [1]. There are also 'pki-*' tools for managing oVirt PKI infra, which are available on oVirt engine host after installation [2].

Regards

Martin

[1] https://www.ovirt.org/develop/release-management/features/infra/pki/
[2] /usr/share/ovirt-engine/bin

On Fri, Sep 22, 2017 at 2:39 AM, pengyixiang <yxpengi386@163.com> wrote:
> Hello, everyone
>
> I'm a newbie in oVirt and SSL, and I see the following in Red Hat Bugzilla:
>
> ============================================================
> 1. Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine. This certificate should be in the host, inside the file /etc/pki/vdsm/certs/vdsmcert.pem.
>
> 2. Once you have the VDSM certificate in the engine machine verify that it has been signed by the certificate authority of the engine:
>
> # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem vdsmcert.pem
> vdsmcert.pem: OK
>
> As in the example above the result should be "OK", if you get any other thing then there is a problem.
>
> 3. Check that the CA certificate used by both RHEV-H and RHEV-M is the same. In RHEV-H it is inside /etc/pki/vdsm/certs/cacert.pem, in RHEV-M it is inside /etc/pki/ovirt-engine/ca.pem.
> ===========================================================
>
> Then I have some questions:
>
> 1. How was the vdsmcert.pem generated?
> 2. I saw vdsmcert.pem in vdsm is the same as certs/106F.pem in engine, but vdsmcert.pem's size is 4k, and 106F.pem's size is 8k, why is this?
> 3. cacert.pem : 1000.pem is the same as vdsmcert.pem : 106F.pem, so the first step, "Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine", may not be right, as their size is different?
> 4. As I know, these files in engine are used: engine.p12, .truststore; and these in vdsm are used: vdsmkey.pem, vdsmcert.pem, cacert.pem. How do these work?
>
> Thanks in Advance
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel
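
An added example, not part of the thread or of oVirt's own tooling: steps 2 and 3 of the quoted Bugzilla procedure as shell functions, comparing certificates by SHA-256 fingerprint rather than by file size, since a PEM file can carry a human-readable dump ahead of the base64 block. The function names and the throwaway lab PKI are constructed for illustration; on a real deployment, pass the paths quoted in the thread instead.

```shell
#!/usr/bin/env bash
# SHA-256 fingerprint of the certificate in a PEM file; any text that
# precedes the BEGIN CERTIFICATE block is ignored by the PEM reader.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# Step 3: succeeds only if both files hold the same certificate.
same_cert() {
    a=$(cert_fp "$1"); b=$(cert_fp "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Step 2: succeeds only if CERT_FILE verifies against CA_FILE.
signed_by() {   # usage: signed_by CA_FILE CERT_FILE
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed lab PKI in directory $1: a CA, a host certificate it signed,
# a copy of that certificate stored with its text dump, and an unrelated CA.
make_lab() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=lab-engine-ca" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=lab-host" \
        -keyout "$1/host.key" -out "$1/host.csr" 2>/dev/null
    openssl x509 -req -in "$1/host.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/vdsmcert.pem" 2>/dev/null
    openssl x509 -in "$1/vdsmcert.pem" -text -out "$1/engine-copy.pem"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=lab-other-ca" \
        -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
}

lab=$(mktemp -d)
make_lab "$lab"
signed_by "$lab/ca.pem" "$lab/vdsmcert.pem" && echo "host cert: signed by lab CA"
signed_by "$lab/other.pem" "$lab/vdsmcert.pem" || echo "host cert: rejected by unrelated CA"
same_cert "$lab/vdsmcert.pem" "$lab/engine-copy.pem" && echo "same certificate," \
    "sizes $(wc -c < "$lab/vdsmcert.pem") and $(wc -c < "$lab/engine-copy.pem") bytes"
```
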
participants (2)
- Martin Perina
- pengyixiang