Appendix D. Red Hat Enterprise Virtualization and SSL

D.1. Replacing the Red Hat Enterprise Virtualization Manager SSL Certificate

Summary
You want to use your organization's commercially signed certificate to identify your Red Hat Enterprise Virtualization Manager to users connecting over https.

Note

Using a commercially issued certificate for https connections does not affect the certificate used for authentication between your Manager and hosts. They will continue to use the self-signed certificate generated by the Manager.

Prerequisites
This procedure requires a PEM-formatted certificate from your commercial certificate issuing authority, a .nokey file, and a .cer file. The .nokey and .cer files are sometimes distributed as a certificate-key bundle in the P12 format.
This procedure assumes that you have a certificate-key bundle in the P12 format.

Procedure D.1. Replacing the Red Hat Enterprise Virtualization Manager Apache SSL Certificate

  1. The Manager has been configured to use /etc/pki/ovirt-engine/apache-ca.pem, which is symbolically linked to /etc/pki/ovirt-engine/ca.pem. Remove the symbolic link.
    # rm /etc/pki/ovirt-engine/apache-ca.pem
  2. Save your commercially issued certificate as /etc/pki/ovirt-engine/apache-ca.pem.
    # mv YOUR-3RD-PARTY-CERT.pem /etc/pki/ovirt-engine/apache-ca.pem
  3. Move your P12 bundle to /etc/pki/ovirt-engine/keys/apache.p12.
  4. Extract the key from the bundle.
    # openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass
  5. Extract the certificate from the bundle.
    # openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer
  6. Restart the Apache server.
    # service httpd restart
Result
Your users can now connect to the portals without being warned about the authenticity of the certificate used to encrypt https traffic.
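
A check to run between steps 5 and 6, added here as an example and not part of the original guide: it confirms that the extracted key belongs to the extracted certificate, that the certificate verifies against apache-ca.pem, and that the key file is not accessible to group or others (the shell redirection in step 4 creates it with the default umask). The function name check_apache_tls and the --run switch are hypothetical, and the script assumes that apache-ca.pem holds the issuing CA certificate and that the Manager's certificate is the first one in apache.cer.

```sh
#!/bin/sh
# Added example (not from the original guide): sanity checks to run after
# steps 4 and 5 and before restarting httpd. Defaults are the procedure's paths.
# Assumption: apache-ca.pem holds the issuing CA certificate (chain) and the
# first certificate in apache.cer is the Manager's own certificate.

# check_apache_tls [CERT] [KEY] [CA]
# Returns 0 if all checks pass, otherwise:
#   1 = private key does not match the certificate
#   2 = certificate does not verify against the CA file
#   3 = private key is accessible to group or others
check_apache_tls() {
    cert=${1:-/etc/pki/ovirt-engine/certs/apache.cer}
    key=${2:-/etc/pki/ovirt-engine/keys/apache.key.nopass}
    ca=${3:-/etc/pki/ovirt-engine/apache-ca.pem}

    # Compare the public key embedded in the certificate with the one derived
    # from the private key. "-passin pass:" prevents an interactive prompt.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert" >&2
        return 1
    fi

    # Match on the ": OK" line because some older OpenSSL releases can exit 0
    # even when verification fails.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not chain to $ca" >&2
        return 2
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(ls -lLd "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/others; run chmod 600" >&2
        return 3
    fi

    echo "OK: certificate, key and CA file are consistent"
}

# Run the checks against the default paths only when asked to, e.g.:
#   sh check_apache_tls.sh --run && service httpd restart
if [ "${1:-}" = "--run" ]; then check_apache_tls; fi
```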