VDSM SSL Certificate verification process

1. Copy the VDSM Certificate of the Rhev-h (Red Hat Enterprise virtualization Hypervisor) host to the Rhev-m machine. This certificate should is in the host, inside the FILE/ETC/PKI/VDSM/CERTS/VDSMCERT.PEM.

To replicate the VDSM certificate of the virtual machine management platform host to the Virtual Machine Management Center machine, this certificate is located in/etc/pki/vdsm/certs/vdsmcert.pem.

2. Once you had the VDSM certificate in the engine, verify that it had been signed by the certificate Authority of The engine:

Once you have the VDSM certificate on the engine server, you can verify the contract through the engine server's CA

# OpenSSL Verify-cafile/etc/pki/ovirt-engine/ca.pem Vdsmcert.pemvdsmcert.pem:OKAs in the example above the result Shoul d be ' OK ' if you get any other thing then there is a problem.

3. Check the CA certificate used by both Rhev-h and Rhev-m are the same. In Rhev-h it was Inside/etc/pki/vdsm/certs/cacert.pem, in rhev-m it was INSIDE/ETC/PKI/OVIRT-ENGINE/CA.PEM.

Verify that Rhev-h is the same as the CA certificate for rhev-h in rhev-h location:/etc/pki/vdsm/certs/cacert.pem, location in rhev-m:/etc/pki/ovirt-engine/ca.pem

4. From the Rhev-m machine verify, the can establish a SSL connection to the VDSM running on the rhev-h machine:

Verify that the SSL connection to the VDSM in Rhev-h can be established on the RHEV-M

# OpenSSL s_client \

-connect the_ip_of_the_rhev_h:54321 \

-cert/etc/pki/ovirt-engine/certs/engine.cer \

-KEY/ETC/PKI/OVIRT-ENGINE/KEYS/ENGINE_ID_RSA \

-cafile/etc/pki/ovirt-engine/ca.pem

VDSM SSL Certificate verification process