[ovirt-users] oVirt node vdsm certificate issue

Alon Bar-Lev alonbl at redhat.com
Mon Sep 29 13:14:42 UTC 2014



----- Original Message -----
> From: "Raul Laansoo" <raul.laansoo at bigbank.ee>
> To: "Alon Bar-Lev" <alonbl at redhat.com>
> Cc: "users" <users at ovirt.org>
> Sent: Monday, September 29, 2014 3:59:00 PM
> Subject: Re: [ovirt-users] oVirt node vdsm certificate issue
> 
> Hi Alon.
> 
> I get our internal CA certificate. It could be that I have made some changes
> to the configuration I forgot.

So ca.pem is not the engine internal CA certificate. Please fix so that apache-ca.pem will contain your CA while ca.pem will remain.

> 
> Regards.
> 
> Raul.
> 
> 
> ----- Original Message -----
> > From: "Alon Bar-Lev" <alonbl at redhat.com>
> > To: "Raul Laansoo" <raul.laansoo at bigbank.ee>
> > Cc: "users" <users at ovirt.org>
> > Sent: Monday, 29 September, 2014 2:45:24 PM
> > Subject: Re: [ovirt-users] oVirt node vdsm certificate issue
> > 
> > 
> > 
> > ----- Original Message -----
> > > From: "Raul Laansoo" <raul.laansoo at bigbank.ee>
> > > To: "users" <users at ovirt.org>
> > > Sent: Monday, September 29, 2014 2:40:33 PM
> > > Subject: [ovirt-users] oVirt node vdsm certificate issue
> > > 
> > > Hi.
> > > 
> > > I have configured the Engine webservice to use a certificate issued by
> > > an internal CA. According to http://www.ovirt.org/Features/PKI the CA
> > > certificates must be in /etc/pki/ovirt-engine/apache-ca.pem. I have kept
> > > the self-signed (Engine internal) certificate (previously linked from
> > > /etc/pki/ovirt-engine/apache-ca.pem to /etc/pki/ovirt-engine/ca.pem) in
> > > /etc/pki/ovirt-engine/ca.pem.
> > > 
> > > When I want to approve/install node host, the
> > > /etc/pki/ovirt-engine/apache-ca.pem file is downloaded to node as
> > > /etc/pki/vdsm/certs/cacert.pem. Because vdsmcert.pem is not signed by
> > > this CA, libvirt fails to start. How should I set up Engine local and
> > > internal CA files, so that they would not conflict?
> > 
> > Hello,
> > 
> > What have you changed apart from the above?
> > What certificate do you get out of:
> > curl http://@HOST@/ovirt-engine/services/pki-resource?resource=ca-certificate
> > 
> > Alon
> > 
> > > 
> > > oVirt Node Hypervisor release 3.0.4 (1.0.201401291204.el6)
> > > oVirt Engine Version: 3.4.3-1.el6
> > > 
> > > Thank you
> > > ---
> > > Raul Laansoo
> > > _______________________________________________
> > > Users mailing list
> > > Users at ovirt.org
> > > http://lists.ovirt.org/mailman/listinfo/users
> > > 
> > 
> 
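
Added example, not part of the original thread and not oVirt code: the two checks discussed above (is the CA the engine serves the same certificate as ca.pem, and does vdsmcert.pem verify against the CA file the node received) written as shell functions around the openssl CLI. The function names are hypothetical and the certificates are constructed sample data generated in a temporary directory.

```shell
#!/bin/sh
# Added example; function names are hypothetical, certificates are constructed.

# SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# True when both PEM files hold the same certificate, e.g. the saved output of
# the pki-resource URL compared with /etc/pki/ovirt-engine/ca.pem.
same_cert() {
    fp=$(cert_fp "$1")
    [ -n "$fp" ] && [ "$fp" = "$(cert_fp "$2")" ]
}

# True when certificate $2 verifies against CA file $1, e.g.
# /etc/pki/vdsm/certs/cacert.pem and the node's vdsmcert.pem.
signed_by() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample PKI in directory $1: an "engine internal" CA, an
# unrelated "corporate" CA, and a node certificate issued by the engine CA.
make_sample_pki() {
    d=$1
    for ca in engine corp; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=constructed-$ca-ca" \
            -keyout "$d/$ca.key" -out "$d/$ca-ca.pem" 2>/dev/null || return 1
    done
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-node" \
        -keyout "$d/node.key" -out "$d/node.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/node.csr" -days 2 -CA "$d/engine-ca.pem" \
        -CAkey "$d/engine.key" -CAcreateserial -out "$d/vdsmcert.pem" 2>/dev/null
}

# Reproduce the situation from the thread on the sample PKI and report it.
demo() {
    d=$(mktemp -d) || return 1
    make_sample_pki "$d" || { rm -rf "$d"; return 1; }
    signed_by "$d/engine-ca.pem" "$d/vdsmcert.pem" && echo "engine CA: vdsmcert.pem verifies"
    signed_by "$d/corp-ca.pem" "$d/vdsmcert.pem" || echo "corporate CA: vdsmcert.pem does NOT verify"
    same_cert "$d/corp-ca.pem" "$d/engine-ca.pem" || echo "served CA differs from ca.pem"
    rm -rf "$d"
}

if command -v openssl >/dev/null 2>&1; then demo; fi
```

On a real setup, same_cert would be given the saved output of the curl command above and /etc/pki/ovirt-engine/ca.pem.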


