4:39 p.m.
------=_Part_21069_330485989.1506040752011
Content-Type: text/plain; charset=GBK
Content-Transfer-Encoding: base64
aGVsbG8sIGV2ZXJ5b25lCgogICBJJ20gYSBuZXdiaWUgaW4gb3ZpcnQgYW5kIHNzbCwgYW5kIEkg
c2VlIGZvbGxvd3MgaW4gUmVkaGF0IEJ1Z3ppbGxhOgo9PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KCjEuIENvcHkgdGhlIFZEU00gY2Vy
dGlmaWNhdGUgb2YgdGhlIFJIRVYtSCBob3N0IHRvIHRoZSBSSEVWLU0gbWFjaGluZS4gVGhpcyBj
ZXJ0aWZpY2F0ZSBzaG91bGQgYmUgaW4gdGhlIGhvc3QsIGluc2lkZSB0aGUgZmlsZSAvZXRjL3Br
aS92ZHNtL2NlcnRzL3Zkc21jZXJ0LnBlbS4KCjIuIE9uY2UgeW91IGhhdmUgdGhlIFZEU00gY2Vy
dGlmaWNhdGUgaW4gdGhlIGVuZ2luZSBtYWNoaW5lIHZlcmlmeSB0aGF0IGl0IGhhcyBiZWVuIHNp
Z25lZCBieSB0aGUgY2VydGlmaWNhdGUgYXV0aG9yaXR5IG9mIHRoZSBlbmdpbmU6ICMgb3BlbnNz
bCB2ZXJpZnkgLUNBZmlsZSAvZXRjL3BraS9vdmlydC1lbmdpbmUvY2EucGVtIHZkc21jZXJ0LnBl
bSB2ZHNtY2VydC5wZW06IE9LIEFzIGluIHRoZSBleGFtcGxlIGFib3ZlIHRoZSByZXN1bHQgc2hv
dWxkIGJlICJPSyIsIGlmIHlvdSBnZXQgYW55IG90aGVyIHRoaW5nIHRoZW4gdGhlcmUgaXMgYSBw
cm9ibGVtLgoKMy4gQ2hlY2sgdGhhdCB0aGUgQ0EgY2VydGlmaWNhdGUgdXNlZCBieSBib3RoIFJI
RVYtSCBhbmQgUkhFVi1NIGlzIHRoZSBzYW1lLiBJbiBSSEVWLUggaXQgaXMgaW5zaWRlIC9ldGMv
cGtpL3Zkc20vY2VydHMvY2FjZXJ0LnBlbSwgaW4gUkhFVi1NIGl0IGlzIGluc2lkZSAvZXRjL3Br
aS9vdmlydC1lbmdpbmUvY2EucGVtLgoKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT0KCiAgIHRoZW4gSSBoYXZlIHNvbWUgcXVlc3Rpb25z
OgogICAgMS5ob3cgZGlkIHRoZSB2ZHNtY2VydC5wZW0gZ2VuZXJhdGVkPwogICAgMi5pIHNhdyB2
ZHNtY2VydC5wZW0gaW4gdmRzbSBhcyB0aGUgc2FtZSBhcyBjZXJ0cy8xMDZGLnBlbSBpbiBlbmdp
bmUsIGJ1dCB2ZHNtY2VydC5wZW0ncyBzaXplIGlzIDRrLCBhbmQgMTA2Ri5wZW0ncyBzaXplIGlz
IDhrLHdoeSdzIHRoaXM/CiAgICAzLmNhY2VydC5wZW0gOiAxMDAwLnBlbSBpcyB0aGUgc2FtZSBh
cyB2ZHNtY2VydC5wZW0gOiAxMDZGLnBlbSwgc28gYXMgZmlyc3QgIiBDb3B5IHRoZSBWRFNNIGNl
cnRpZmljYXRlIG9mIHRoZSBSSEVWLUggaG9zdCB0byB0aGUgUkhFVi1NIG1hY2hpbmUiCgptYXkg
YmUgbm90IHJpZ2h0LCB0aGVyZSdzIHNpemUgaXMgZGlmZmVyZW50PwogICAgNC5BcyBpIGtub3cg
dGhlc2UgZmlsZXMgaW4gZW5naW5lIGlzIHVzZWQ6IGVuZ2luZS5wMTIsIC50cnVzdHN0b3JlOyBh
bmQgdGhlc2UgaW4gdmRzbSBpcyB1c2VkOiB2ZHNta2V5LnBlbSwgdmRzbWNlcnQucGVtLCBjYWNl
cnQucGVtLCBob3cgZGlkIHRoZXNlIHdvcmtzPwoKClRoYW5rcyBpbiBBZHZhbmNlCg==
------=_Part_21069_330485989.1506040752011
Content-Type: text/html; charset=GBK
Content-Transfer-Encoding: base64
PGRpdiBzdHlsZT0ibGluZS1oZWlnaHQ6MS43O2NvbG9yOiMwMDAwMDA7Zm9udC1zaXplOjE0cHg7
Zm9udC1mYW1pbHk6QXJpYWwiPjxkaXYgY2xhc3M9ImJ6X2NvbW1lbnRfdGV4dAogICAgICAgICAg
ICAgICAgIGJ6X3dyYXBfY29tbWVudF90ZXh0Ij5oZWxsbywgZXZlcnlvbmU8YnI+PC9kaXY+PGRp
diBjbGFzcz0iYnpfY29tbWVudF90ZXh0CiAgICAgICAgICAgICAgICAgYnpfd3JhcF9jb21tZW50
X3RleHQiPiZuYnNwOyZuYnNwOyBJJ20gYSBuZXdiaWUgaW4gb3ZpcnQgYW5kIHNzbCwgYW5kIEkg
c2VlIGZvbGxvd3MgaW4gUmVkaGF0IEJ1Z3ppbGxhOjwvZGl2PjxkaXYgY2xhc3M9ImJ6X2NvbW1l
bnRfdGV4dAogICAgICAgICAgICAgICAgIGJ6X3dyYXBfY29tbWVudF90ZXh0Ij49PT09PT09PT09
PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT08YnI+PC9k
aXY+PGRpdiBjbGFzcz0iYnpfY29tbWVudF90ZXh0CiAgICAgICAgICAgICAgICAgYnpfd3JhcF9j
b21tZW50X3RleHQiPjEuIENvcHkgdGhlIFZEU00gY2VydGlmaWNhdGUgb2YgdGhlIFJIRVYtSCBo
b3N0IHRvIHRoZSBSSEVWLU0gbWFjaGluZS4gVGhpcyBjZXJ0aWZpY2F0ZSBzaG91bGQgYmUgaW4g
dGhlIGhvc3QsIGluc2lkZSB0aGUgZmlsZSAvZXRjL3BraS92ZHNtL2NlcnRzL3Zkc21jZXJ0LnBl
bS4gPGJyPjwvZGl2PjxkaXYgY2xhc3M9ImJ6X2NvbW1lbnRfdGV4dAogICAgICAgICAgICAgICAg
IGJ6X3dyYXBfY29tbWVudF90ZXh0Ij4yLiBPbmNlIHlvdSBoYXZlIHRoZSBWRFNNIGNlcnRpZmlj
YXRlIGluIHRoZSBlbmdpbmUgbWFjaGluZSB2ZXJpZnkgdGhhdCBpdCBoYXMgYmVlbiBzaWduZWQg
YnkgdGhlIGNlcnRpZmljYXRlIGF1dGhvcml0eSBvZiB0aGUgZW5naW5lOgoKIyBvcGVuc3NsIHZl
cmlmeSAtQ0FmaWxlIC9ldGMvcGtpL292aXJ0LWVuZ2luZS9jYS5wZW0gdmRzbWNlcnQucGVtCnZk
c21jZXJ0LnBlbTogT0sKCkFzIGluIHRoZSBleGFtcGxlIGFib3ZlIHRoZSByZXN1bHQgc2hvdWxk
IGJlICJPSyIsIGlmIHlvdSBnZXQgYW55IG90aGVyIHRoaW5nIHRoZW4gdGhlcmUgaXMgYSBwcm9i
bGVtLiA8YnI+PC9kaXY+PGRpdiBjbGFzcz0iYnpfY29tbWVudF90ZXh0CiAgICAgICAgICAgICAg
ICAgYnpfd3JhcF9jb21tZW50X3RleHQiPjMuIENoZWNrIHRoYXQgdGhlIENBIGNlcnRpZmljYXRl
IHVzZWQgYnkgYm90aCBSSEVWLUggYW5kIFJIRVYtTSBpcyB0aGUgc2FtZS4gSW4gUkhFVi1IIGl0
IGlzIGluc2lkZSAvZXRjL3BraS92ZHNtL2NlcnRzL2NhY2VydC5wZW0sIGluIFJIRVYtTSBpdCBp
cyBpbnNpZGUgL2V0Yy9wa2kvb3ZpcnQtZW5naW5lL2NhLnBlbS4gPGJyPjwvZGl2PjxkaXYgY2xh
c3M9ImJ6X2NvbW1lbnRfdGV4dAogICAgICAgICAgICAgICAgIGJ6X3dyYXBfY29tbWVudF90ZXh0
Ij49PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09
PT09PTxicj48L2Rpdj48ZGl2IGNsYXNzPSJiel9jb21tZW50X3RleHQKICAgICAgICAgICAgICAg
ICBiel93cmFwX2NvbW1lbnRfdGV4dCI+Jm5ic3A7Jm5ic3A7IHRoZW4gSSBoYXZlIHNvbWUgcXVl
c3Rpb25zOjwvZGl2PjxkaXYgY2xhc3M9ImJ6X2NvbW1lbnRfdGV4dAogICAgICAgICAgICAgICAg
IGJ6X3dyYXBfY29tbWVudF90ZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsgMS5ob3cgZGlkIHRoZSB2
ZHNtY2VydC5wZW0gZ2VuZXJhdGVkPzwvZGl2PjxkaXYgY2xhc3M9ImJ6X2NvbW1lbnRfdGV4dAog
ICAgICAgICAgICAgICAgIGJ6X3dyYXBfY29tbWVudF90ZXh0Ij4mbmJzcDsmbmJzcDsmbmJzcDsg
Mi5pIHNhdyB2ZHNtY2VydC5wZW0gaW4gdmRzbSBhcyB0aGUgc2FtZSBhcyBjZXJ0cy8xMDZGLnBl
bSBpbiBlbmdpbmUsIGJ1dCB2ZHNtY2VydC5wZW0ncyBzaXplIGlzIDRrLCBhbmQgMTA2Ri5wZW0n
cyBzaXplIGlzIDhrLHdoeSdzIHRoaXM/PC9kaXY+PGRpdiBjbGFzcz0iYnpfY29tbWVudF90ZXh0
CiAgICAgICAgICAgICAgICAgYnpfd3JhcF9jb21tZW50X3RleHQiPiZuYnNwOyZuYnNwOyZuYnNw
OyAzLmNhY2VydC5wZW0gOiAxMDAwLnBlbSBpcyB0aGUgc2FtZSBhcyB2ZHNtY2VydC5wZW0gOiAx
MDZGLnBlbSwgc28gYXMgZmlyc3QgIiBDb3B5IHRoZSBWRFNNIGNlcnRpZmljYXRlIG9mIHRoZSBS
SEVWLUggaG9zdCB0byB0aGUgUkhFVi1NIG1hY2hpbmUiIDxicj48L2Rpdj48ZGl2IGNsYXNzPSJi
el9jb21tZW50X3RleHQKICAgICAgICAgICAgICAgICBiel93cmFwX2NvbW1lbnRfdGV4dCI+bWF5
IGJlIG5vdCByaWdodCwgdGhlcmUncyBzaXplIGlzIGRpZmZlcmVudD88L2Rpdj48ZGl2IGNsYXNz
PSJiel9jb21tZW50X3RleHQKICAgICAgICAgICAgICAgICBiel93cmFwX2NvbW1lbnRfdGV4dCI+
Jm5ic3A7Jm5ic3A7Jm5ic3A7IDQuQXMgaSBrbm93IHRoZXNlIGZpbGVzIGluIGVuZ2luZSBpcyB1
c2VkOiBlbmdpbmUucDEyLCAudHJ1c3RzdG9yZTsgYW5kIHRoZXNlIGluIHZkc20gaXMgdXNlZDog
dmRzbWtleS5wZW0sIHZkc21jZXJ0LnBlbSwgY2FjZXJ0LnBlbSwgaG93IGRpZCB0aGVzZSB3b3Jr
cz88L2Rpdj48ZGl2IGNsYXNzPSJiel9jb21tZW50X3RleHQKICAgICAgICAgICAgICAgICBiel93
cmFwX2NvbW1lbnRfdGV4dCI+PGJyPjwvZGl2PjxkaXYgY2xhc3M9ImJ6X2NvbW1lbnRfdGV4dAog
ICAgICAgICAgICAgICAgIGJ6X3dyYXBfY29tbWVudF90ZXh0Ij5UaGFua3MgaW4gQWR2YW5jZTxi
cj48L2Rpdj48L2Rpdj48YnI+PGJyPjxzcGFuIHRpdGxlPSJuZXRlYXNlZm9vdGVyIj48cD4mbmJz
cDs8L3A+PC9zcGFuPg==
------=_Part_21069_330485989.1506040752011--
10:28 a.m.
Hi,
you can find descriptions and file locations of oVirt PKI infrastructure at
[1]. There are also 'pki-*' tools for managing oVirt PKI infra, which are
available on oVirt engine host after installation [2].
Regards
Martin
[1] https://www.ovirt.org/develop/release-management/features/infra/pki/
[2] /usr/share/ovirt-engine/bin
On Fri, Sep 22, 2017 at 2:39 AM, pengyixiang <yxpengi386(a)163.com> wrote:
hello, everyone
I'm a newbie in ovirt and ssl, and I see follows in Redhat Bugzilla:
============================================================
1. Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine.
This certificate should be in the host, inside the file
/etc/pki/vdsm/certs/vdsmcert.pem.
2. Once you have the VDSM certificate in the engine machine verify that it
has been signed by the certificate authority of the engine: # openssl
verify -CAfile /etc/pki/ovirt-engine/ca.pem vdsmcert.pem vdsmcert.pem: OK
As in the example above the result should be "OK", if you get any other
thing then there is a problem.
3. Check that the CA certificate used by both RHEV-H and RHEV-M is the
same. In RHEV-H it is inside /etc/pki/vdsm/certs/cacert.pem, in RHEV-M it
is inside /etc/pki/ovirt-engine/ca.pem.
===========================================================
then I have some questions:
1.how did the vdsmcert.pem generated?
2.i saw vdsmcert.pem in vdsm as the same as certs/106F.pem in engine,
but vdsmcert.pem's size is 4k, and 106F.pem's size is 8k,why's this?
3.cacert.pem : 1000.pem is the same as vdsmcert.pem : 106F.pem, so as
first " Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine"
may be not right, there's size is different?
4.As i know these files in engine is used: engine.p12, .truststore;
and these in vdsm is used: vdsmkey.pem, vdsmcert.pem, cacert.pem, how did
these works?
Thanks in Advance
_______________________________________________
Devel mailing list
Devel(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/devel
2614
days inactive
2614
days old
1 comments
2 participants
participants (2)
-
Martin Perina -
pengyixiang