Circling back to an old email...
Once upon a time, Yedidyah Bar David <didi(a)redhat.com> said:
> On Wed, Jan 30, 2019 at 10:28 PM Chris Adams <cma(a)cmadams.net>
> wrote:
> > However, while digging, I also noticed that now the engine is not
> > communicating with ovirt-provider-ovn, possibly due to a similar issue?
> > It is having the reverse problem; it rejects the engine's cert.
>
> Didn't try this yet, adding Dominik.

Was anybody able to look at this? I had to use my dev hardware for
something else for a bit, so re-installed with 4.3.5 yesterday. The
imageio SSL cert issue looks good, but I still can't figure out the
ovirt-provider-ovn CA usage.
My little bit of digging seems to show that the engine connects to the
provider and is using an SSL client cert, and that cert is signed by
something... but I'm not sure what. I think the provider side is trying
to validate with the following setting from
/etc/ovirt-provider-ovn/conf.d/10-setup-ovirt-provider-ovn.conf:

    [OVIRT]
    ovirt-ca-file=/etc/pki/ovirt-engine/apache-ca.pem

Following the general "3rd-party SSL", that is now the Let's Encrypt CA.
I tried changing it to point to the original self-signed oVirt CA (same
directory, just "ca.pem"), but that didn't work either.
Any suggestions?
--
Chris Adams <cma(a)cmadams.net>