Here is a complete set of instructions that works for me
You can skip the first few steps of generating the certificate.
Ravi
Generate a self-signed certificate using openssl
======================================
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.pem
Convert a PEM certificate file and a private key to PKCS#12 (.p12)
=====================================================
openssl pkcs12 -export -out certificate.p12 -inkey privateKey.key -in certificate.pem
Extract the key from the bundle
=========================
openssl pkcs12 -in certificate.p12 -nocerts -nodes > apache.key.nopass
Extract the certificate from the bundle
==============================
openssl pkcs12 -in certificate.p12 -nokeys > apache.cer
Create a new Keystore for testing
==========================
keytool -keystore clientkeystore -genkey -alias client
Convert .pem to .der
================
openssl x509 -outform der -in certificate.pem -out certificate.der
Import certificates to keystore
=======================
keytool -import -alias apache -keystore ./clientkeystore -file ./certificate.der
Create Custom conf for ovirt
======================
vi /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf
Set location of truststore and its password
=================================
ENGINE_HTTPS_PKI_TRUST_STORE="/home/rnori/Downloads/Cert/clientkeystore"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="123456"
Copy the custom certificates
======================
rm /etc/pki/ovirt-engine/apache-ca.pem
cp certificate.pem /etc/pki/ovirt-engine/apache-ca.pem
cp certificate.p12 /etc/pki/ovirt-engine/keys/apache.p12
cp apache.cer /etc/pki/ovirt-engine/certs/apache.cer
cp apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass
Restart engine and httpd
===================
service httpd restart
service ovirt-engine restart