Appendix D. Red Hat Enterprise Virtualization and SSL
D.1. Replacing the Red Hat Enterprise Virtualization Manager SSL Certificate
/etc/pki directory or any subdirectories. The permission for the /etc/pki/ovirt-engine directory must remain as the default 755.
This procedure requires a PEM formatted certificate from your commercial certificate issuing authority, a .nokey file, and a .cer file. The .nokey and .cer files are sometimes distributed as a certificate-key bundle in the P12 format.
Procedure D.1. Replacing the Red Hat Enterprise Virtualization Manager Apache SSL Certificate
- The Manager has been configured to use /etc/pki/ovirt-engine/apache-ca.pem, which is symbolically linked to /etc/pki/ovirt-engine/ca.pem. Remove the symbolic link.
# rm /etc/pki/ovirt-engine/apache-ca.pem
- Save your commercially issued certificate as /etc/pki/ovirt-engine/apache-ca.pem. The certificate chain must be complete up to the root certificate. The chain order is important and should be from the last intermediate certificate to the root certificate.
# mv YOUR-3RD-PARTY-CERT.pem /etc/pki/ovirt-engine/apache-ca.pem
- Move your P12 bundle to
- Extract the key from the bundle.
# openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass
- Extract the certificate from the bundle.
# openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer
- Restart the Apache server.
# service httpd restart
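Checks worth running on the files from the steps above before the Apache restart, as an added example that is not part of the Red Hat procedure: they confirm that the extracted key belongs to the extracted certificate, that the certificate verifies against apache-ca.pem alone, and that it is not about to expire. The function names and the --run switch are assumptions made for this example; the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example: sanity checks for the files produced by the steps above.
# Paths are the ones used on this page; the function names are made up here.
CHAIN=/etc/pki/ovirt-engine/apache-ca.pem
KEY=/etc/pki/ovirt-engine/keys/apache.key.nopass
CERT=/etc/pki/ovirt-engine/certs/apache.cer

# True when the private key and the certificate carry the same public key.
# Empty output (unreadable or malformed file) counts as a mismatch.
key_matches_cert() {   # usage: key_matches_cert KEY CERT
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# True when the first certificate in CERT verifies against CHAIN alone.
# An empty -CApath keeps the system trust store from filling gaps in CHAIN.
chain_is_complete() {  # usage: chain_is_complete CHAIN CERT
    empty=$(mktemp -d) || return 1
    out=$(openssl verify -CApath "$empty" -CAfile "$1" "$2" 2>/dev/null)
    rmdir "$empty"
    printf '%s\n' "$out" | grep -q ': OK$'
}

# True when the certificate stays valid for at least one more day.
not_expiring() {       # usage: not_expiring CERT
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
check_apache_tls() {   # usage: check_apache_tls CHAIN KEY CERT
    rc=0
    key_matches_cert "$2" "$3"  || { echo "FAIL: $2 does not match $3"; rc=1; }
    chain_is_complete "$1" "$3" || { echo "FAIL: $3 does not chain to a root in $1"; rc=1; }
    not_expiring "$3"           || { echo "FAIL: $3 is expired or expires within a day"; rc=1; }
    return $rc
}

# Check the page's paths only when invoked as: sh check.sh --run
if [ "${1:-}" = "--run" ]; then
    check_apache_tls "$CHAIN" "$KEY" "$CERT"
fi
```

openssl verify does not check the order of the certificates in apache-ca.pem, so the ordering requirement stated above still has to be confirmed by reading the file.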
- Export the CA certificate from the CA server and copy it to the Red Hat Enterprise Virtualization Manager server.
- Point the log collector to the new location by adding the following to