Configuring oVirt / RHEV Manager Certificate Security on browser

Posted on 127 views

In our recent articles we discussed in detail the installation and configuration of oVirt Engine and Host on different Linux systems. The links are shared below for your reference:

After deployment of oVirt Engine, the Administration Portal can be accessed on a web browser using the landing page URL:

https://your-ovirt-engine-or-rhvm-server-fqdn

You’ll then click on the Administration Portal link in the Portals section.

install-ovirt-manager-rocky-almalinux-03-1024x442

Alternatively, access the oVirt Engine Administration Portal directly on the URL:

 https://your-ovirt-engine-or-rhvm-server-fqdn/ovirt-engine/webadmin/

Where:

  • your-ovirt-engine-or-rhvm-server-fqdn is replaced with your oVirt Manager FQDN.

By attempting to access the Administration Portal landing page, you’ll may get a “Potential Security Risk” complain on your web browser may. This is because the browser does not recognize the certificate authority (CA) that signed the TLS certificate used by oVirt Engine/Manager’s web server. There are three ways to solve this issue

  1. Installing the oVirt local CA certificate in your web browser
  2. Replacing oVirt Engine TLS certificate with the one signed by a CA already trusted by your web browser.
  3. Add a security exception in your web browser so that it accepts the self-signed certificate as valid

The third method is the simplest but least secure used by many oVirt / RHEV users. In this article, we shall show how you download and install the oVirt Engine / RHEV Manager local CA in your web browser. We shall consider both Firefox and Google Chrome web browsers.

#1) Download oVirt / RHEV Manager Local CA

CA certificate can be downloaded by clicking on “Engine CA Certificate” link from the login screen.

install-ca-certificate-ovirt-engine-2048x633

The CA certificate can also be downloaded using direct URL link from oVirt Engine:

http://ovirt-engine-server-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

Paste the link on your browser while substituting ovirt-engine-server-fqdn with oVirt Engine / RHEV Manager FQDN. The CA certificate will be downloaded automatically.

Save the file in your local filesystem:

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-02

#2) Import oVirt / RHEV CA Certificate in your browser

Click “View Certificates

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-03

Click on the “Authorities” menu, and “Import” section to import CA certificate.

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-04-2048x1017

Use “All Files” option in the drop-down list and choose CA certificate you downloaded.

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-05-1024x164

Tick all options to trust the CA certificate in your browser. When done use “OK” button to save apply.

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-06-1024x670

Restart your browser and check certificate details

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-07-1024x246

It should show as verified by imported CA.

Configuring-oVirt-RHEV-Manager-Certificate-Security-on-browser-08-1024x455

We’ve successfully downloaded and installed oVirt Engine / RHEV Manager CA Certificate in our browser and eliminated the warning that appears when accessing web portal over HTTPS.

coffee

Gravatar Image
A systems engineer with excellent skills in systems administration, cloud computing, systems deployment, virtualization, containers, and a certified ethical hacker.