Loosely based on the documentation at https://access.redhat.com/documentation/en/red-hat-virtualization/4.0/paged/administration-guide/appendix-d-red-hat-virtualization-and-ssl , I used IPA to generate, request, install new certificates, e.g.: # cd /etc/pki/ovirt-engine/certs # rm /etc/pki/ovirt-engine/apache-ca.pem # rm /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/keys/apache.key.nopass # ipa-getcert request -f /etc/pki/ovirt-engine/certs/apache.cer -k /etc/pki/ovirt-engine/keys/apache.key.nopass (verify file names here) # systemctl restart httpd Apache restarts, and the certificate is the new (and valid), but presents an error: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target API access (cloudforms) fails as well. I *assume* that I also replaced the internal certs somehow, but don't know how to repair.
*** This bug has been marked as a duplicate of bug 1336838 ***