Hi, you can find descriptions and file locations of oVirt PKI infrastructure at [1]. There are also 'pki-*' tools for managing oVirt PKI infra, which are available on oVirt engine host after installation [2].
Regards Martin [1] https://www.ovirt.org/develop/release-management/features/infra/pki/ [2] /usr/share/ovirt-engine/bin On Fri, Sep 22, 2017 at 2:39 AM, pengyixiang <yxpengi...@163.com> wrote: > hello, everyone > I'm a newbie in ovirt and ssl, and I see follows in Redhat Bugzilla: > ============================================================ > 1. Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine. > This certificate should be in the host, inside the file > /etc/pki/vdsm/certs/vdsmcert.pem. > 2. Once you have the VDSM certificate in the engine machine verify that it > has been signed by the certificate authority of the engine: # openssl > verify -CAfile /etc/pki/ovirt-engine/ca.pem vdsmcert.pem vdsmcert.pem: OK > As in the example above the result should be "OK", if you get any other > thing then there is a problem. > 3. Check that the CA certificate used by both RHEV-H and RHEV-M is the > same. In RHEV-H it is inside /etc/pki/vdsm/certs/cacert.pem, in RHEV-M it > is inside /etc/pki/ovirt-engine/ca.pem. > =========================================================== > then I have some questions: > 1.how did the vdsmcert.pem generated? > 2.i saw vdsmcert.pem in vdsm as the same as certs/106F.pem in engine, > but vdsmcert.pem's size is 4k, and 106F.pem's size is 8k,why's this? > 3.cacert.pem : 1000.pem is the same as vdsmcert.pem : 106F.pem, so as > first " Copy the VDSM certificate of the RHEV-H host to the RHEV-M machine" > may be not right, there's size is different? > 4.As i know these files in engine is used: engine.p12, .truststore; > and these in vdsm is used: vdsmkey.pem, vdsmcert.pem, cacert.pem, how did > these works? > > Thanks in Advance > > > > > _______________________________________________ > Devel mailing list > Devel@ovirt.org > http://lists.ovirt.org/mailman/listinfo/devel >
_______________________________________________ Devel mailing list Devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/devel