Section 5.5 of the Cloud Engine User Guide # curl https://[RHEVM-HOST]:8443/api/templates --user [USER]@[DOMAIN]:[PASSWORD] should read # curl -k https://[RHEVM-HOST]:8443/api/templates --user [USER]@[DOMAIN]:[PASSWORD] without the -k option (for insecure) curl will output the following # curl https://rhevm2.rhev.local:8443/api/templates --user admin@internal:redacted curl: (60) Peer certificate cannot be authenticated with known CA certificates More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
Added -k switch. My only minor reservation with this bug is that it's using an insecure method to communicate with the RHEVM server. Although I doubt there'd be any chance of a man in the middle attack when communicating between Cloud Engine and a private cloud, I still feel a little uncomfortable documenting the use of -k switch. I don't want customers to get the impression that this is standard practice.
This documentation has now been dropped to translation ahead of publication. For any further issues, please open a new a bug. LKB
This document is now publicly available on access.redhat.com. For any further issues, please raise a new bug. LKB