Bug 1443225

Summary: Docs: Add step to update /etc/pki/ovirt-engine/ca.pem file in RHV 4 Administration Guide under "Appendix D. Red Hat Virtualization and SSL"
Product: Red Hat Enterprise Virtualization Manager Reporter: Pawan kumar Vilayatkar <pvilayat>
Component: DocumentationAssignee: rhev-docs <rhev-docs>
Status: CLOSED DUPLICATE QA Contact: rhev-docs <rhev-docs>
Severity: low Docs Contact:
Priority: unspecified    
Version: 4.0.0CC: didi, lbopf, lsurette, pvilayat, rbalakri, srevivo, ykaul
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-04-24 08:24:14 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Docs RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Pawan kumar Vilayatkar 2017-04-18 19:24:42 UTC 
The RHV 4.x Administration Guide does not include step to update /etc/pki/ovirt-engine/ca.pem when using self signed certificate under "Appendix D. Red Hat Virtualization and SSL". 

Below are steps to include :

# cd /etc/pki/ovirt-engine
# openssl x509 -in /tmp/<selfed_signed_certifcate> -text -noout > ca.pem
# cat apache-ca.pem >> ca.pem

systemctl restart httpd.service
systemctl restart ovirt-engine.service
Comment 1 Yaniv Kaul 2017-04-19 08:13:30 UTC 
Would be good to change the title from 'SSL' to 'SSL/TLS'.
Comment 2 Lucy Bopf 2017-04-24 08:24:14 UTC 
Tracking all SSL certificate procedure feedback in bug 1416232. This feedback will be used in that bug.

*** This bug has been marked as a duplicate of bug 1416232 ***
Comment 3 Yedidyah Bar David 2017-07-13 10:38:24 UTC 
(In reply to Pawan kumar Vilayatkar from comment #0)
> The RHV 4.x Administration Guide does not include step to update
> /etc/pki/ovirt-engine/ca.pem when using self signed certificate

Can you please explain why you need this step? Thanks.

AFAIU ca.crt should include only the ca-cert of the engine-internal CA and nothing else.

> under
> "Appendix D. Red Hat Virtualization and SSL". 
> 
> Below are steps to include :
> 
> # cd /etc/pki/ovirt-engine
> # openssl x509 -in /tmp/<selfed_signed_certifcate> -text -noout > ca.pem
> # cat apache-ca.pem >> ca.pem
> 
> systemctl restart httpd.service
> systemctl restart ovirt-engine.service
Comment 4 Yedidyah Bar David 2017-07-13 10:45:44 UTC 
(In reply to Yedidyah Bar David from comment #3)
> (In reply to Pawan kumar Vilayatkar from comment #0)
> > The RHV 4.x Administration Guide does not include step to update
> > /etc/pki/ovirt-engine/ca.pem when using self signed certificate
> 
> Can you please explain why you need this step? Thanks.

Perhaps related to bug 1146710.
Comment 6 Red Hat Bugzilla 2023-09-14 03:56:35 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days