Configuring oVirt / RHEV Manager Certificate Security on browser

In our recent articles we discussed in detail the installation and configuration of oVirt Engine and Host on different Linux systems. The links are shared below for your reference:

After deployment of oVirt Engine, the Administration Portal can be accessed on a web browser using the landing page URL:

https://your-ovirt-engine-or-rhvm-server-fqdn

You’ll then click on the Administration Portal link in the Portals section.

Alternatively, access the oVirt Engine Administration Portal directly on the URL:

 https://your-ovirt-engine-or-rhvm-server-fqdn/ovirt-engine/webadmin/

Where:

• your-ovirt-engine-or-rhvm-server-fqdn is replaced with your oVirt Manager FQDN.

By attempting to access the Administration Portal landing page, you’ll may get a “Potential Security Risk” complain on your web browser may. This is because the browser does not recognize the certificate authority (CA) that signed the TLS certificate used by oVirt Engine/Manager’s web server. There are three ways to solve this issue

1. Installing the oVirt local CA certificate in your web browser
2. Replacing oVirt Engine TLS certificate with the one signed by a CA already trusted by your web browser.
3. Add a security exception in your web browser so that it accepts the self-signed certificate as valid

The third method is the simplest but least secure used by many oVirt / RHEV users. In this article, we shall show how you download and install the oVirt Engine / RHEV Manager local CA in your web browser. We shall consider both Firefox and Google Chrome web browsers.

#1) Download oVirt / RHEV Manager Local CA

CA certificate can be downloaded by clicking on “Engine CA Certificate” link from the login screen.

The CA certificate can also be downloaded using direct URL link from oVirt Engine:

http://ovirt-engine-server-fqdn/ovirt-engine/services/pki-resource?resource=ca-certificate&format=X509-PEM-CA

Paste the link on your browser while substituting ovirt-engine-server-fqdn with oVirt Engine / RHEV Manager FQDN. The CA certificate will be downloaded automatically.

Save the file in your local filesystem:

#2) Import oVirt / RHEV CA Certificate in your browser

Click “View Certificates“

Click on the “Authorities” menu, and “Import” section to import CA certificate.

Use “All Files” option in the drop-down list and choose CA certificate you downloaded.

Tick all options to trust the CA certificate in your browser. When done use “OK” button to save apply.

Restart your browser and check certificate details

It should show as verified by imported CA.

We’ve successfully downloaded and installed oVirt Engine / RHEV Manager CA Certificate in our browser and eliminated the warning that appears when accessing web portal over HTTPS.

More guides on oVirt Virtualization platform: