Thanks Alon and Thomas! iordan
On Wed, Nov 20, 2013 at 1:51 PM, Alon Bar-Lev <[email protected]> wrote: > > > ----- Original Message ----- > > From: "i iordanov" <[email protected]> > > To: [email protected] > > Sent: Wednesday, November 20, 2013 6:50:04 PM > > Subject: [Users] replacing self-signed certificates > > > > Hello, > > > > I searched around but could not come up with specific instructions for > how to > > replace the self-signed certificates in an oVirt 3.3 setup with > > non-self-signed certificates. I need to ensure that my oVirt/SPICE client > > actually does the right thing when connecting to a machine with a 3rd > party > > signed certificate. > > > > Presumably, I would be able to adapt the instructions provided here: > > http://www.ovirt.org/How_to_change_engine_host_name > > > > right? Which steps need to be modified? If I hammer at it long enough, I > > would probably succeed in getting it to work at some point, but I was > hoping > > for somebody more experienced to help me over the initial hurdle. > > > > In case I have to reinstall to use non-self-signed certificates, how do > I go > > about preparing the environment prior to running engine-setup? > > Usually there is no need to replace any other certificate than the > certificate that is used for apache frontend. > > No need to touch the spice and other certificates and keys. > > Replace /etc/pki/ovirt-engine/apache-ca.pem with your 3rd party CA > certificate chain. > Replace /etc/pki/ovirt-engine/keys/apache.p12 with key store. > Extract key from apache.p12 to > /etc/pki/ovirt-engine/keys/apache.key.nopass do not protect with password. > Extract certificate from apache.p12 to > /etc/pki/ovirt-engine/certs/apache.cer > > Alternatively, you can configure the mod_ssl as you wish. > > Once you do this, if you have ovirt-node already installed, delete > /etc/pki/vdsm/certs/engine_web_ca.pem to allow fetch ssl trust and allow > registration in future. > > Regards, > Alon Bar-Lev. > -- The conscious mind has only one thread of execution.
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
