Chapter 2. Authentication and Security

2.1. TLS/SSL Certification

The Red Hat Virtualization Manager API requires Hypertext Transfer Protocol Secure (HTTPS) ^[1] for secure interaction with client software, such as the Manager's SDK and CLI components. This involves a process of obtaining a certificate from the Red Hat Virtualization Manager and importing it into the certificate store of your client.

Important

Obtain your certificate from the Red Hat Virtualization Manager using a secure network connection.

Procedure 2.1. Obtaining a Certificate

You can obtain a certificate from the Red Hat Virtualization Manager and transfer it to the client machine using one of three methods:

Method 1 - Use a command line tool to download the certificate from the Manager. Examples of command line tools include cURL and Wget, both of which are available on multiple platforms.

If using cURL:

$ curl -o rhvm.cer http://[manager-fqdn]/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

If using Wget:

$ wget -O rhvm.cer http://[manager-fqdn]/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

Method 2 - Use a web browser to navigate to the certificate located at:
```
http://[manager-fqdn]/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA
```
Depending on the chosen browser, the certificate either downloads or imports into the browser's keystore.
1. If the browser downloads the certificate: save the file as rhvm.cer.
  If the browser imports the certificate: export it from the browser's certification options and save it as rhvm.cer.
Method 3 - Log in to the Manager, export the certificate from the truststore and copy it to your client machine.
1. Log in to the Manager as the root user.
2. Export the certificate from the truststore using the Java keytool management utility:
```
$ keytool -exportcert -keystore /etc/pki/ovirt-engine/.truststore -alias cacert -storepass mypass -file rhvm.cer
```
  This creates a certificate file called rhvm.cer.
3. Copy the certificate to the client machine using the scp command:
```
$ scp rhvm.cer [username]@[client-machine]:[directory]
```

Each of these methods results in a certificate file named rhvm.cer on your client machine. An API user imports this file into the certificate store of the client.

Procedure 2.2. Importing a Certificate to a Client

Importing a certificate to a client relies on how the client itself stores and interprets certificates. This guide contains some examples on importing certificates. For clients not using Network Security Services (NSS) or Java KeyStore (JKS), see your client documentation for more information on importing a certificate.

^[1] HTTPS is described in RFC 2818 HTTP Over TLS.

Where did the comment section go?

Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Chapter 2. Authentication and Security

2.1. TLS/SSL Certification

Where did the comment section go?