----- Original Message ----- > From: "Raul Laansoo" <raul.laan...@bigbank.ee> > To: "Alon Bar-Lev" <alo...@redhat.com> > Cc: "users" <users@ovirt.org> > Sent: Monday, September 29, 2014 3:59:00 PM > Subject: Re: [ovirt-users] oVirt node vdsm certificate issue > > Hi Alon. > > I get our internal CA certificate. It could be that I have made some changes > to the configuration I forgot.
So ca.pem is not the engine internal ca certificate, please fix so that apache-ca.pem will contain your ca while ca.pem will remain. > > Regards. > > Raul. > > > ----- Original Message ----- > > From: "Alon Bar-Lev" <alo...@redhat.com> > > To: "Raul Laansoo" <raul.laan...@bigbank.ee> > > Cc: "users" <users@ovirt.org> > > Sent: Monday, 29 September, 2014 2:45:24 PM > > Subject: Re: [ovirt-users] oVirt node vdsm certificate issue > > > > > > > > ----- Original Message ----- > > > From: "Raul Laansoo" <raul.laan...@bigbank.ee> > > > To: "users" <users@ovirt.org> > > > Sent: Monday, September 29, 2014 2:40:33 PM > > > Subject: [ovirt-users] oVirt node vdsm certificate issue > > > > > > Hi. > > > > > > I have configured Engine webservice to use certificate issued by internal > > > CA. > > > According to http://www.ovirt.org/Features/PKI the CA certificates must > > > be > > > in /etc/pki/ovirt-engine/apache-ca.pem. I have kept the self signed > > > (Engine > > > internal) certificate (previously linked from > > > /etc/pki/ovirt-engine/apache-ca.pem to /etc/pki/ovirt-engine/ca.pem) in > > > /etc/pki/ovirt-engine/ca.pem. > > > > > > When I want to approve/install node host, the > > > /etc/pki/ovirt-engine/apache-ca.pem file is downloaded to node as > > > /etc/pki/vdsm/certs/cacert.pem. Because vdsmcert.pem is not signed by > > > this > > > CA, libvirt fails to start. How should I set up Engine local and internal > > > CA > > > files, so that they would not conflict? > > > > Hello, > > > > What have you changed apart from the above? > > What certificate do you get out of: > > curl > > http://@HOST@/ovirt-engine/services/pki-resource?resource=ca-certificate > > > > Alon > > > > > > > > oVirt Node Hypervisor release 3.0.4 (1.0.201401291204.el6) > > > oVirt Engine Version: 3.4.3-1.el6 > > > > > > Thank you > > > --- > > > Raul Laansoo > > > _______________________________________________ > > > Users mailing list > > > Users@ovirt.org > > > http://lists.ovirt.org/mailman/listinfo/users > > > > > > _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users