12:30 p.m.
Le 27/10/2016 à 00:14, Kenneth Bingham a écrit :
I did install a server certificate from a private CA on the engine
server for the oVirt 4 Manager GUI, but haven't figured out how to
configure engine to trust the same CA which also issued the server
certificate presented by vdsm. This is important for us because this is
the same server certificate presented by the host when using the console
(e.g. websocket console falls silently if the user agent doesn't trust
the console server's certificate).
Hello,
Maybe related bug : on an oVirt 4, I followed the same procedure below
to install a custom CA, with *SUCCESS*.
Today, I had to reinstall one of the hosts, and it is failing with :
"CA certificate and CA private key do not match" :
http://pastebin.com/9JS05JtJ
Which certificate did we (Kenneth and I) did we mis-used?
What did we do wrong?
Regards,
Nicolas ECARNOT
On Wed, Oct 26, 2016, 16:58 Beckman, Daniel
<Daniel.Beckman(a)ingramcontent.com
<mailto:Daniel.Beckman@ingramcontent.com>> wrote:
We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release.
I read the release notes (https://www.ovirt.org/release/4.0.4/) and
noted comment #4 under “Install / Upgrade from previous version”:____
__ __
/If you are using HTTPS certificate signed by custom certificate
authority, please take a look at https://bugzilla.redhat.com/1336838
for steps which need to be done after migration to 4.0. Also please
consult https://bugzilla.redhat.com/1313379 how to setup this custom
CA for use with virt-viewer clients.____/
/__ __/
So I referred to the first bugzilla
(https://bugzilla.redhat.com/show_bug.cgi?id=1336838), where it
states as follows:____
__ __
If customer wants to use custom HTTPS certificate signed by
different CA, then he has to perform following steps: ____
__ __
1. Install custom CA (that signed HTTPS certificate) into host wide
trustore (more info can be found in update-ca-trust man page) ____
__ __
2. Configure HTTPS certificate in Apache (this step is same as in
previous versions) ____
__ __
3. Create new configuration file (for example
/etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf) with
following content: ____
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts"
ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD="" ____
__ __
4. Restart ovirt-engine service____
__ __
I find it humorous that step # 1 suggests reading the “man page”
which is only slightly better than suggesting to “google” it. ____
__ __
Has anyone using a custom CA for their HTTPS certificate
successfully upgraded to oVirt 4? If so could you share your
detailed steps? Or can anyone point me to an actual example of this
procedure? I’m a little nervous about the upgrade if you can’t
already tell. ____
__ __
Thanks,____
Daniel____
_______________________________________________
Users mailing list
Users(a)ovirt.org <mailto:Users@ovirt.org>
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
--
Nicolas ECARNOT