Chapter 2. Authentication and Security

Procedure 2.1. Obtaining a Certificate

1. Method 1 - Use a command line tool to download the certificate from the Manager. Examples of command line tools include cURL and Wget, both of which are available on multiple platforms.
   1. If using cURL:

      $ curl -o rhevm.cer http://[rhevm-server]/ca.crt

      Copy to Clipboard Toggle word wrap
   2. If using Wget:

      $ wget -O rhevm.cer http://[rhevm-server]/ca.crt

      Copy to Clipboard Toggle word wrap
2. Method 2 - Use a web browser to navigate to the certificate located at:

   http://[rhevm-server]/ca.crt

   Copy to Clipboard Toggle word wrap

   Depending on the chosen browser, the certificate either downloads or imports into the browser's keystore.
   1. If the browser downloads the certificate: save the file as rhevm.cer.
      If the browser imports the certificate: export it from the browser's certification options and save it as rhevm.cer.
3. Method 3 - Log in to the Manager, export the certificate from the truststore and copy it to your client machine.
   1. Log in to the Manager as the root user.
   2. Export the certificate from the truststore using the Java keytool management utility:

      $ keytool -exportcert -keystore /etc/pki/ovirt-engine/.truststore -alias cacert -storepass mypass -file rhevm.cer

      Copy to Clipboard Toggle word wrap
      This creates a certificate file called rhevm.cer.
   3. Copy the certificate to the client machine using the scp command:

      $ scp rhevm.cer [username]@[client-machine]:[directory]

      Copy to Clipboard Toggle word wrap

Procedure 2.2. Importing a Certificate to a Client

• Importing a certificate to a client relies on how the client itself stores and interprets certificates. This guide contains some examples on importing certificates. For clients not using Network Security Services (NSS) or Java KeyStore (JKS), see your client documentation for more information on importing a certificate.