Hi Nir
I did not modify /etc/ovirt-imageio/conf.d/50-engine.conf
I only replaced those files:
/etc/pki/ovirt-engine/keys/apache.key.nopass
/etc/pki/ovirt-engine/certs/apache.cer
/etc/pki/ovirt-engine/apache-ca.pem
ovirt-imageio has the apache certificates configured by default.
So why did you change the code using the default configuration?
I found certificates generated by the engine setup for imageio (but not used?)
So I switched to those certificates:
cat /etc/ovirt-imageio/conf.d/99-locl.conf
[tls]
key_file = /etc/pki/ovirt-engine/keys/imageio-proxy.key.nopass
cert_file = /etc/pki/ovirt-engine/certs/imageio-proxy.cer
ca_file = /etc/pki/ovirt-engine/ca.pem
When I test the connection in the image upload screen, now my browser does not validate the imageio's certificate. When import the ca generated by the engine setup, upload works. But I don't want to import the ca generated by the engine setup.
Why did you switch to engine ca if you don't want to use it?
When you change certificates, you need to restart the ovirt-imageio service since it loads the certificates during startup.
Did you restart it?