Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

Appendix D. Red Hat Enterprise Virtualization and SSL

Warning

Do not change the permissions and ownerships for the /etc/pki directory or any subdirectories. The permission for the /etc/pki and the /etc/pki/ovirt-engine directory must remain as the default 755.
You want to use your organization's commercially signed certificate to identify your Red Hat Enterprise Virtualization Manager to users connecting over HTTPS.

Note

Using a commercially issued certificate for https connections does not affect the certificate used for authentication between your Manager and hosts, they will continue to use the self-signed certificate generated by the Manager.
Prerequisites

This procedure requires a PEM formatted certificate from your commercial certificate issuing authority, a .nokey file, and a .cer file. The .nokey and .cer files are sometimes distributed as a certificate-key bundle in the P12 format.

This procedure assumes that you have a certificate-key bundle in the P12 format.

Procedure D.1. Replacing the Red Hat Enterprise Virtualization Manager Apache SSL Certificate

  1. The Manager has been configured to use /etc/pki/ovirt-engine/apache-ca.pem, which is symbolically linked to /etc/pki/ovirt-engine/ca.pem. Remove the symbolic link. 
    # rm /etc/pki/ovirt-engine/apache-ca.pem
    Copy to Clipboard Toggle word wrap
  2. Save your commercially issued certificate as /etc/pki/ovirt-engine/apache-ca.pem. The certificate chain must be complete up to the root certificate. The chain order is important and should be from the last intermediate certificate to the root certificate. 
    mv YOUR-3RD-PARTY-CERT.pem /etc/pki/ovirt-engine/apache-ca.pem
    Copy to Clipboard Toggle word wrap
  3. Move your P12 bundle to /etc/pki/ovirt-engine/keys/apache.p12.
  4. Extract the key from the bundle. 
    # openssl pkcs12 -in  /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass
    Copy to Clipboard Toggle word wrap
  5. Extract the certificate from the bundle. 
    # openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer
    Copy to Clipboard Toggle word wrap
  6. Restart the Apache server. 
    # service httpd restart
    Copy to Clipboard Toggle word wrap
Your users can now connect to the portals without being warned about the authenticity of the certificate used to encrypt https traffic.

Important

Replacing the certificate can cause the log collector to fail, as documented in https://access.redhat.com/solutions/458713. To avoid this failure, edit the log collector's configuration:
  1. Export the CA certificate from the CA server and copy it to the Red Hat Enterprise Virtualization Manager server.
  2. Point the log collector to the new location by adding the following to /etc/ovirt-engine/logcollector.conf: 
    cert-file=/path/to/new/CA/file
    Copy to Clipboard Toggle word wrap
Volver arriba
Red Hat logoGithubredditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar. Explore nuestras recientes actualizaciones.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

Theme

© 2025 Red Hat