[ovirt-users] Re: Upload Cerfiticate issue
On Wed, May 11, 2022 at 6:42 PM <louisb(a)ameritech.net> wrote:
I started to investigate based on your question regarding a secure connection. From that
investigation this what I’ve found:
When viewing he certificate the AIA section shows the following:
Authority Info (AIA)
Location:
http://ovirtdl380gen10.cscd.net:80/ovirt-engine/services/pki-resource?res...
Which certificate? I suppose you mean the https certificate. The CA
certificate should not have AIA.
Are you sure you imported the CA cert to your browser correctly?
Method: CA Issuers
It appears that the certificate is being issue/released on port 80, could this be the
reason no connection can be established with the “ovirt imageio” service; since the
service is looking for a connection on a secured port such as 443?
It's _available_ via both 80 and 443, bug advertised on 80 -
otherwise, you run into a chicken-and-egg problem: You want to
securely get the CA cert, but to do that, you need the CA cert...
But that's unrelated to your issue, IMO.
How can or what should be done to correct this. If this is the issue I suspect that I
need to have a certificate that is from port 443 or some other secured connection.
Again:
Please ignore AIA.
You should _manually_ get the CA cert and import it into your browser,
as Nir detailed.
If you are unsure whether you got the correct cert, you can also copy
it from the engine machine with ssh, from /etc/pki/ovirt-engine/ca.pem
.
Good luck and best regards,
--
Didi