需求我自己寫了一個python后台,添加上了ovirt 引擎web上,如圖 但第一次訪問時需要,需要接受兩次不安全連接,ovirt web使用https,我往里面加http,加不進去。
只能同樣使用https。我想使用ip地址訪問然后只接受一次不安全連接。(程序使用跟ovirt同樣的證書)客戶使用起來方便
自主簽署證書
mkdir ca
創建私鑰
openssl genrsa -out ca/apache-ca.pem 1024
創建證書請求
openssl req -new -out ca/ca-req.csr -key ca/apache-ca.pem
自簽署證書
openssl x509 -req -in ca/ca-req.csr -out ca/ca-cert.pem -signkey ca/apache-ca.pem -days 3650
將證書導出成的.p12格式
openssl pkcs12 -export -clcerts -in ca/ca-cert.pem -inkey ca/apache-ca.pem -out ca/apache.p12
下面開始替換ovirt ssl
把原來的刪除或者備份
cp /etc/pki/ovirt-engine/apache-ca.pem /etc/pki/ovirt-engine/apache-ca.pem.bak
rm -rf /etc/pki/ovirt-engine/apache-ca.pem
cp /etc/pki/ovirt-engine/keys/apache.p12 /etc/pki/ovirt-engine/keys/apache.p12.bak
rm -rf /etc/pki/ovirt-engine/keys/apache.p12
cp /etc/pki/ovirt-engine/keys/apache.key.nopass /etc/pki/ovirt-engine/keys/apache.key.nopass.bak
rm -rf /etc/pki/ovirt-engine/keys/apache.key.nopass
cp /etc/pki/ovirt-engine/certs/apache.cer /etc/pki/ovirt-engine/certs/apache.cer.bak
rm -rf /etc/pki/ovirt-engine/certs/apache.cer
mv ca/apache-ca.pem /etc/pki/ovirt-engine/
cp ca/apache.p12 /etc/pki/ovirt-engine/keys/apache.p12
從p12包中提取出密鑰
openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nocerts -nodes > /etc/pki/ovirt-engine/keys/apache.key.nopass
openssl pkcs12 -in /etc/pki/ovirt-engine/keys/apache.p12 -nokeys > /etc/pki/ovirt-engine/certs/apache.cer
systemctl restart httpd