[ovirt-users] Upgrading oVirt 3.6 with existing HTTPS certificate signed by custom CA to oVirt 4

Beckman, Daniel Daniel.Beckman at ingramcontent.com
Wed Oct 26 20:58:00 UTC 2016


We have oVirt 3.6.7 and I am preparing to upgrade to 4.0.4 release. I read the release notes (https://www.ovirt.org/release/4.0.4/) and noted comment #4 under “Install / Upgrade from previous version”:

If you are using HTTPS certificate signed by custom certificate authority, please take a look at https://bugzilla.redhat.com/1336838 for steps which need to be done after migration to 4.0. Also please consult https://bugzilla.redhat.com/1313379 how to setup this custom CA for use with virt-viewer clients.

So I referred to the first bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=1336838), where it states as follows:

If customer wants to use custom HTTPS certificate signed by different CA, then he has to perform following steps:

1. Install custom CA (that signed HTTPS certificate) into host wide trustore (more info can be found in update-ca-trust man page)

2. Configure HTTPS certificate in Apache (this step is same as in previous versions)

3. Create new configuration file (for example /etc/ovirt-engine/engine.conf.d/99-custom-truststore.conf) with following content:
ENGINE_HTTPS_PKI_TRUST_STORE="/etc/pki/java/cacerts" ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD=""

4. Restart ovirt-engine service

I find it humorous that step # 1 suggests reading the “man page” which is only slightly better than suggesting to “google” it.

Has anyone using a custom CA for their HTTPS certificate successfully upgraded to oVirt 4? If so could you share your detailed steps? Or can anyone point me to an actual example of this procedure? I’m a little nervous about the upgrade if you can’t already tell.

Thanks,
Daniel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20161026/c308e350/attachment-0001.html>


More information about the Users mailing list