I followed the docs at https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL/ and all works well from the usual web portal.  Went to test moVirt and ran into a snag.  It wants to download the CA using http://fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA, but that's grabbing the old CA issued by the engine rather than my custom CA.  What else needs to be changed?  I'm sure I can finagle my way to a fix here by telling moVirt to use a custom URL or file, but this looks like a bug in the docs that would probably best be fixed.

-- 
John Florian