Task:
Obtain the top-level CA certificate for the RHV/oVirt host(s) for usage with the REST API.
Steps:
1. Remote into the workstation/host performing the REST API calls:
$ ssh myadminid@mwrest.mindwatering.net
<enter pwd if not using private key>
2. Change to the local certificate folder:
- The Ubuntu 20.x and later location is: /usr/share/ca-certificates/
$ cd /usr/local/share/ca-certificates/
3a. Display the TLS certificate information:
$ openssl s_client -connect mwrhv1.mindwatering.net:443 -showcerts < /dev/null
<view output>
Notes:
- The certificates, top-to-bottom, are server to top-level CA.
- The task is to get the last certifery
3b. Re-run to place the certs to a file:
$ echo | openssl s_client -mwrhv1.mindwatering.net:443 2>&1 | sed --quiet '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > mwrhv1.mindwatering.net
Reminder:
- The mwrhv1.mindwatering.net file will have all the certificates starting with the server first and the final CA last.
4. Edit the file removing the server certificate and leaving the lower top-level CA certificate:
Note:
- Keep the last -BEGIN CERTIFICATE- through to the final -END CERTIFICATE-section
- Once in vi, use a quick dd to delete unwanted lines
- Use: <esc>:wq to save
$ vi mwrhv1.mindwatering.net
previous page
|