1. Copy the VDSM certificate of the RHEV-H(Red Hat Enterprise Virtualization Hypervisor ) host to the RHEV-M machine. This certificate should be in the host, inside the file /etc/pki/vdsm/certs/vdsmcert.pem.
译:复制虚拟机管理平台主机的vdsm证书到虚拟机管理中心的机器上,这个证书的位置在/etc/pki/vdsm/certs/vdsmcert.pem.
2. Once you have the VDSM certificate in the engine machine verify that it has been signed by the certificate authority of the engine:
译:一旦在engineserver上有了vdsm证书,就能够通过engineserver的CA验证签约情况
# openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem vdsmcert.pemvdsmcert.pem: OKAs in the example above the result should be "OK", if you get any other thing then there is a problem.
3. Check that the CA certificate used by both RHEV-H and RHEV-M is the same. In RHEV-H it is inside /etc/pki/vdsm/certs/cacert.pem, in RHEV-M it is inside /etc/pki/ovirt-engine/ca.pem.
译:验证 RHEV-H与 RHEV-H的CA证书是否一样,在RHEV-H 的位置:/etc/pki/vdsm/certs/cacert.pem。在RHEV-M的位置:/etc/pki/ovirt-engine/ca.pem
4. From the RHEV-M machine verify that you can establish a SSL connection to the VDSM running in the RHEV-H machine:
译:验证在RHEV-M上,能否够建立到RHEV-H中的VDSM的SSL连接
# openssl s_client
-connect the_ip_of_the_rhev_h:54321
-cert /etc/pki/ovirt-engine/certs/engine.cer
-key /etc/pki/ovirt-engine/keys/engine_id_rsa
-CAfile /etc/pki/ovirt-engine/ca.pem