[ovirt-users] Re: PKI Problem
On Thu, Jul 30, 2020, 09:31 Ramon Clematide <ramon(a)clematide.ch> wrote:
Hi Nir
I did not modify /etc/ovirt-imageio/conf.d/50-engine.conf
I only replaced those files:
/etc/pki/ovirt-engine/keys/apache.key.nopass
/etc/pki/ovirt-engine/certs/apache.cer
/etc/pki/ovirt-engine/apache-ca.pem
ovirt-imageio has the apache certificates configured by default.
So why did you change the code using the default configuration?
I found certificates generated by the engine setup for imageio (but not
used?)
So I switched to those certificates:
cat /etc/ovirt-imageio/conf.d/99-locl.conf
[tls]
key_file = /etc/pki/ovirt-engine/keys/imageio-proxy.key.nopass
cert_file = /etc/pki/ovirt-engine/certs/imageio-proxy.cer
ca_file = /etc/pki/ovirt-engine/ca.pem
When I test the connection in the image upload screen, now my browser does
not validate the imageio's certificate. When import the ca generated by the
engine setup, upload works. But I don't want to import the ca generated by
the engine setup.
Why did you switch to engine ca if you don't want to use it?
When you change certificates, you need to restart the ovirt-imageio service
since it loads the certificates during startup.
Did you restart it?
_______________________________________________
Users mailing list -- users(a)ovirt.org
To unsubscribe send an email to users-leave(a)ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/GRKFPQKHKOD...
Attachments:
- attachment.html (text/html — 3.1 KB)