rhevm-shell with commercial SSL certificate
I have switched RHEV-M to use a commercial SSL certificate by editing /etc/httpd/conf.d/ssl.conf.
When I tried to use rhevm-shell, the connection failed:
[root@desktop certs]# rhevm-shell -c -l https://desktop.example.com/api -A /etc/pki/ovirt-engine/desktop_example_com.ca-bundle Username: admin@internal Password: error: [ERROR]::Connection failure, [Errno 1] _ssl.c:490: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
rhevm-shell is able to connect if I download a CA Cert file from curl.haxx.se and use that as the CA_FILE.
[root@desktop tmp]# curl -O http://curl.haxx.se/ca/cacert.pem
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 245k 100 245k 0 0 307k 0 --:--:-- --:--:-- --:--:-- 350k
[root@desktop tmp]# rhevm-shell -c -l https://desktop.example.com/api -A ./cacert.pem
Username: admin@internal
Password:
==========================================
>>> connected to RHEVM manager 3.1.0.0 <<<
==========================================
++++++++++++++++++++++++++++++++++++++++++
Welcome to RHEVM shell
++++++++++++++++++++++++++++++++++++++++++
[RHEVM shell (connected)]#
Responses
The easiest workaround wound be to use -I and ignore the certificate, but are you sure the certificate pair you have is valid? If it is, you should not be seeing the "SSL3_GET_SERVER_CERTIFICATE:certificate verify failed" error
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
