vdsm的SSL证书验证过程

1. Copy the VDSM certificate of the RHEV-H(Red Hat Enterprise Virtualization Hypervisor ) host to the RHEV-M machine. This certificate should be in the host, inside the file /etc/pki/vdsm/certs/vdsmcert.pem.

译:复制虚拟机管理平台主机的vdsm证书到虚拟机管理中心的机器上,这个证书的位置在/etc/pki/vdsm/certs/vdsmcert.pem.

2. Once you have the VDSM certificate in the engine machine verify that it has been signed by the certificate authority of the engine:

译:一旦在engineserver上有了vdsm证书,就能够通过engineserver的CA验证签约情况

# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem vdsmcert.pemvdsmcert.pem: OKAs in the example above the result should be "OK", if you get any other thing then there is a problem.

3. Check that the CA certificate used by both RHEV-H and RHEV-M is the same. In RHEV-H it is inside /etc/pki/vdsm/certs/cacert.pem, in RHEV-M it is inside /etc/pki/ovirt-engine/ca.pem.

译:验证 RHEV-H与 RHEV-H的CA证书是否一样,在RHEV-H 的位置:/etc/pki/vdsm/certs/cacert.pem。在RHEV-M的位置:/etc/pki/ovirt-engine/ca.pem

4. From the RHEV-M machine verify that you can establish a SSL connection to the VDSM running in the RHEV-H machine:

译:验证在RHEV-M上,能否够建立到RHEV-H中的VDSM的SSL连接

# openssl s_client \

-connect the_ip_of_the_rhev_h:54321 \

-cert /etc/pki/ovirt-engine/certs/engine.cer \

-key /etc/pki/ovirt-engine/keys/engine_id_rsa \

-CAfile /etc/pki/ovirt-engine/ca.pem

上一篇:12个Linux进程管理命令介绍


下一篇:打豪车应用:uber详细攻略(附100元优步uber优惠码、uber优惠券、优步优惠码、优步优惠券)