RHV-M CA certificate download link is not updated when using custom certificates

Solution Verified - Updated -


  • On a default RHV-M installation, /etc/pki/ovirt-engine/apache-ca.pem is a symbolic link pointing to /etc/pki/ovirt-engine/ca.pem.

    # ls -l /etc/pki/ovirt-engine/apache-ca.pem
    lrwxrwxrwx. 1 root root 28 Jan 20 16:18 /etc/pki/ovirt-engine/apache-ca.pem -> /etc/pki/ovirt-engine/ca.pem

  • After installing custom TLS certificates for Apache, the symbolic link /etc/pki/ovirt-engine/apache-ca.pem is removed and replaced with the custom CA certificate, but this does not change the file served by the download link.

  • When using a custom TLS certificate for Apache on RHV-M, the CA Certificate download link (http://rhvm.example.org/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA) on the RHV-M web UI landing page still provides the engine certificate /etc/pki/ovirt-engine/ca.pem instead of the custom CA certificate /etc/pki/ovirt-engine/apache-ca.pem.

  • The CA certificate used for the web UI changes, but the URL still serves /etc/pki/ovirt-engine/ca.pem, which clients cannot use to validate connections to Apache.

  • Why does the CA Certificate download link not retrieve the custom CA certificate from /etc/pki/ovirt-engine/apache-ca.pem?
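
To confirm on a given host whether the download link is serving the engine CA rather than the custom one, the sketch below compares a downloaded copy against both files named above. It is an added example, not part of the original article or of RHV-M; the function names and output labels are hypothetical, and it compares only the first certificate in each PEM file.

```shell
#!/bin/sh
# Added example: classify what the RHV-M "CA Certificate" download link serves.
# Fetch the file first, e.g. (URL as given in this article):
#   curl -s -o /tmp/downloaded-ca.pem \
#     'http://rhvm.example.org/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA'

# Print the base64 body of the first certificate in a PEM file on one line,
# so line wrapping or CRLF differences do not affect the comparison.
pem_body() {
    awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
         /-----END CERTIFICATE-----/   {exit}
         on {gsub(/[ \t\r]/, ""); printf "%s", $0}' "$1"
}

# ca_download_state DOWNLOADED [APACHE_CA] [ENGINE_CA]
# Prints one of (labels are hypothetical):
#   default           apache-ca.pem is still a symlink to ca.pem
#   serves-custom-ca  download matches the custom apache-ca.pem
#   serves-engine-ca  download matches ca.pem, not the custom CA (this issue)
#   unknown           download matches neither file
ca_download_state() {
    downloaded=$1
    apache_ca=${2:-/etc/pki/ovirt-engine/apache-ca.pem}
    engine_ca=${3:-/etc/pki/ovirt-engine/ca.pem}

    # Default installation: the symlink means both names are the same file.
    if [ -L "$apache_ca" ] &&
       [ "$(readlink -f "$apache_ca")" = "$(readlink -f "$engine_ca")" ]; then
        echo default
        return 0
    fi

    got=$(pem_body "$downloaded")
    if [ -n "$got" ] && [ "$got" = "$(pem_body "$apache_ca")" ]; then
        echo serves-custom-ca
    elif [ -n "$got" ] && [ "$got" = "$(pem_body "$engine_ca")" ]; then
        echo serves-engine-ca
    else
        echo unknown
    fi
}
```

A result of `serves-engine-ca` on a host with custom Apache certificates corresponds to the behaviour described in this article.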

CA Certificate download link on RHV-M UI


  • Red Hat Virtualization (RHV)
    • 4.3
    • 4.4
