[ovirt-users] oVirt node vdsm certificate issue
Alon Bar-Lev
alonbl at redhat.com
Mon Sep 29 11:45:24 UTC 2014
----- Original Message -----
> From: "Raul Laansoo" <raul.laansoo at bigbank.ee>
> To: "users" <users at ovirt.org>
> Sent: Monday, September 29, 2014 2:40:33 PM
> Subject: [ovirt-users] oVirt node vdsm certificate issue
>
> Hi.
>
> I have configured Engine webservice to use certificate issued by internal CA.
> According to http://www.ovirt.org/Features/PKI the CA certificates must be
> in /etc/pki/ovirt-engine/apache-ca.pem. I have kept the self signed (Engine
> internal) certificate (previously linked from
> /etc/pki/ovirt-engine/apache-ca.pem to /etc/pki/ovirt-engine/ca.pem) in
> /etc/pki/ovirt-engine/ca.pem.
>
> When I want to approve/install node host, the
> /etc/pki/ovirt-engine/apache-ca.pem file is downloaded to node as
> /etc/pki/vdsm/certs/cacert.pem. Because vdsmcert.pem is not signed by this
> CA, libvirt fails to start. How should I set up Engine local and internal CA
> files, so that they would not conflict?
Hello,
What have you changed apart from the above?
What certificate do you get out of:
curl http://@HOST@/ovirt-engine/services/pki-resource?resource=ca-certificate
Alon
>
> oVirt Node Hypervisor release 3.0.4 (1.0.201401291204.el6)
> oVirt Engine Version: 3.4.3-1.el6
>
> Thank you
> ---
> Raul Laansoo
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
More information about the Users
mailing list