oVirt: replacing the self-signed certificate

Time: 2024-02-01 18:08:45

2020-04-07 18:25  不能说的秘密~

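Requirement: I wrote a Python backend myself and added it to the oVirt engine web UI, as shown in the figure. But on the first visit you have to accept an insecure connection twice. The oVirt web UI uses HTTPS, and when I tried to add my backend over HTTP, it would not go in.

It has to use HTTPS as well. I want to access it by IP address and accept the insecure connection only once (the program uses the same certificate as oVirt), which makes it convenient for customers to use.

Self-signed certificate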

mkdir ca

Create the private key (use at least 2048 bits; 1024-bit RSA is no longer considered secure)

openssl genrsa -out ca/apache-ca.pem 2048

Create the certificate signing request

openssl req -new -out ca/ca-req.csr -key ca/apache-ca.pem

Self-sign the certificate

openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/apache-ca.pem -days 3650

Export the certificate in .p12 format

openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/apache-ca.pem -out ca/apache.p12

Now replace the oVirt SSL certificate

Delete or back up the originals

cp /etc/pki/ovirt-engine/apache-ca.pem /etc/pki/ovirt-engine/apache-ca.pem.bak 

rm -rf /etc/pki/ovirt-engine/apache-ca.pem

cp /etc/pki/ovirt-engine/keys/apache.p12 /etc/pki/ovirt-engine/keys/apache.p12.bak

rm -rf  /etc/pki/ovirt-engine/keys/apache.p12

cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.bak

rm -rf /etc/pki/ovirt-engine/keys/apache.key.nopass

cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.bak

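rm -rf  /etc/pki/ovirt-engine/certs/apache.cer

Install the self-signed certificate as apache-ca.pem (oVirt reads this file as the CA certificate, so the private key stays out of it)

cp ca/ca-cert.pem /etc/pki/ovirt-engine/apache-ca.pem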

cp ca/apache.p12 /etc/pki/ovirt-engine/keys/apache.p12

Extract the key and the certificate from the .p12 bundle

openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass

openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer

systemctl restart httpd
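
A post-replacement check for the procedure above, as an added example that is not part of the original post: it confirms that apache.cer and apache.key.nopass belong together, that the key is at least 2048 bits and not world-readable, and that apache-ca.pem contains no private key. The function names and the sample files (generated in a temporary directory) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the files Apache loads after the swap.
# Real use: audit /etc/pki/ovirt-engine/certs/apache.cer \
#     /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/apache-ca.pem

pubkey_of_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
pubkey_of_key()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only if the certificate carries this private key's public key.
pair_matches() {
    c=$(pubkey_of_cert "$1") && k=$(pubkey_of_key "$2") || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Prints the key size in bits, parsed from "Private-Key: (N bit...)".
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*(\([0-9][0-9]*\) bit.*/\1/p' | head -n 1
}

# Succeeds if the file contains PEM private-key material.
has_private_key() { grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; }

# Succeeds if the "other" read bit is set on the file.
world_readable() { [ -n "$(find "$1" -perm -004 2>/dev/null)" ]; }

# audit CERT KEY CA_FILE: prints findings, returns the number of problems.
audit() {
    n=0
    pair_matches "$1" "$2" || { echo "cert and key do not match"; n=$((n+1)); }
    [ "$(key_bits "$2")" -ge 2048 ] 2>/dev/null || { echo "key under 2048 bits"; n=$((n+1)); }
    world_readable "$2" && { echo "key is world-readable"; n=$((n+1)); }
    has_private_key "$3" && { echo "CA file holds a private key"; n=$((n+1)); }
    return "$n"
}

# Constructed sample files: one sound pair, one unrelated 1024-bit key.
demo_dir=$(mktemp -d) && trap 'rm -rf "$demo_dir"' EXIT
( umask 077
  openssl genrsa -out "$demo_dir/good.key" 2048
  openssl genrsa -out "$demo_dir/weak.key" 1024
  openssl req -new -x509 -key "$demo_dir/good.key" -subj "/CN=engine.example.test" \
      -days 1 -out "$demo_dir/good.cer" ) 2>/dev/null
audit "$demo_dir/good.cer" "$demo_dir/good.key" "$demo_dir/good.cer" && echo "layout OK"
audit "$demo_dir/good.cer" "$demo_dir/weak.key" "$demo_dir/weak.key" || echo "problems: $?"
```

Run the audit before `systemctl restart httpd`; a non-zero return value is the count of findings printed above it.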