Menu Close

11.5.6. Setting up the CA certificate for RHV

Download the CA certificate from the Red Hat Virtualization (RHV) Manager and set it up on the installation machine.

You can download the certificate from a webpage on the RHV Manager or by using a curl command.

Later, you provide the certificate to the installation program.

Procedure

  1. Use either of these two methods to download the CA certificate:

    • Go to the Manager’s webpage, https://<engine-fqdn>/ovirt-engine/. Then, under Downloads, click the CA Certificate link.
    • Run the following command:

      $ curl -k 'https://<engine-fqdn>/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA' -o /tmp/ca.pem  1
      1
      For <engine-fqdn>, specify the fully qualified domain name of the RHV Manager, such as rhv-env.virtlab.example.com.
  2. Configure the CA file to grant rootless user access to the Manager. Set the CA file permissions to have an octal value of 0644 (symbolic value: -rw-r—​r--):

    $ sudo chmod 0644 /tmp/ca.pem
  3. For Linux, copy the CA certificate to the directory for server certificates. Use -p to preserve the permissions:

    $ sudo cp -p /tmp/ca.pem /etc/pki/ca-trust/source/anchors/ca.pem
  4. Add the certificate to the certificate manager for your operating system:

    • For macOS, double-click the certificate file and use the Keychain Access utility to add the file to the System keychain.
    • For Linux, update the CA trust:

      $ sudo update-ca-trust
      注記

      If you use your own certificate authority, make sure the system trusts it.

Additional Resources

To learn more, see Authentication and Security in the RHV documentation.