[ovirt-devel] Re: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
For anyone in the future looking for this solution, look at my post in this other thread: https://lists.ovirt.org/archives/list/us...@ovirt.org/thread/JEW5WIRD67WMF6TVG7367ZMSHX2KYGGV/ Full credit to the poster before me there that was the final step to finding what I needed to make it work for us! ___ Devel mailing list -- devel@ovirt.org To unsubscribe send an email to devel-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/ODX5TBKZZCZASKM5JGZ2KKREHPFZR3A2/
[ovirt-devel] Re: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
> On 26 Sep 2018, at 19:42, Dan Kenigsberg wrote: > > > >> On Wed, Sep 26, 2018 at 6:35 PM Edward Haas wrote: >> I should have known better. >> Deleting /etc/pki/vdsm and re-installing VDSM solved it. >> >> There is probably a smarter/simpler way to do this (delete the folder and >> run 'vdsm-tool configure --force'?). > > yes, more specifically: `vdsm-tool configure --module certificates` I would expect running it or the other general version to replace the existing expired certificate. At the minimum it should check and tell me what should I do. > >> >> Thanks, >> Edy. >> >>> On Wed, Sep 26, 2018 at 6:16 PM Edward Haas wrote: >>> Hi, >>> >>> I have a VM which acts as an oVirt host with VDSM installed. I use it for >>> testing without connecting it to Engine. >>> >>> Recently VDSM fails to come up and I see this error: >>> Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+: 12176: >>> error : virNetTLSContextCheckCertTimes:154 : The server certificate >>> /etc/pki/vdsm/certs/vdsmcert.pem has expired > > Congratulations, you've been using the same deployment for a year! I’m pretty sure I never had to delete that folder until now. Vdsm is built, installed and removed in an endless loop on a regular basis (including the configured part). > >>> >>> Any hint on how to generate or fetch a new certificate without the help of >>> Engine? >>> >>> Thanks, >>> Edy. >> ___ >> Devel mailing list -- devel@ovirt.org >> To unsubscribe send an email to devel-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYMHS7XML7IW2E7XVOUIB4TS/ ___ Devel mailing list -- devel@ovirt.org To unsubscribe send an email to devel-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/P6C5OPGGWWGS3V7BJ6Q7G7JUVXQFOWEZ/
[ovirt-devel] Re: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
On Thu, Sep 27, 2018 at 12:31 AM Edward Haas wrote: > > > On 26 Sep 2018, at 19:42, Dan Kenigsberg wrote: > > > > On Wed, Sep 26, 2018 at 6:35 PM Edward Haas wrote: >> >> I should have known better. >> Deleting /etc/pki/vdsm and re-installing VDSM solved it. >> >> There is probably a smarter/simpler way to do this (delete the folder and >> run 'vdsm-tool configure --force'?). > > > yes, more specifically: `vdsm-tool configure --module certificates` > > > I would expect running it or the other general version to replace the > existing expired certificate. It would be wrong to replace an expired production certificate with a stupid self-signed one (which is what `configure`) does, and only for devel/testing/bootstrapping purposes. > At the minimum it should check and tell me what should I do. lib/vdsm/tool/configurators/certificates.py https://xenoterracide.com/post/dont-say-patches-welcome/ > > >> >> Thanks, >> Edy. >> >> On Wed, Sep 26, 2018 at 6:16 PM Edward Haas wrote: >>> >>> Hi, >>> >>> I have a VM which acts as an oVirt host with VDSM installed. I use it for >>> testing without connecting it to Engine. >>> >>> Recently VDSM fails to come up and I see this error: >>> Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+: 12176: >>> error : virNetTLSContextCheckCertTimes:154 : The server certificate >>> /etc/pki/vdsm/certs/vdsmcert.pem has expired > > > Congratulations, you've been using the same deployment for a year! > > > I’m pretty sure I never had to delete that folder until now. Vdsm is built, > installed and removed in an endless loop on a regular basis (including the > configured part). > > >>> >>> Any hint on how to generate or fetch a new certificate without the help of >>> Engine? >>> >>> Thanks, >>> Edy. >> >> ___ >> Devel mailing list -- devel@ovirt.org >> To unsubscribe send an email to devel-le...@ovirt.org >> Privacy Statement: https://www.ovirt.org/site/privacy-policy/ >> oVirt Code of Conduct: >> https://www.ovirt.org/community/about/community-guidelines/ >> List Archives: >> https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYMHS7XML7IW2E7XVOUIB4TS/ ___ Devel mailing list -- devel@ovirt.org To unsubscribe send an email to devel-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/H7TFEMG6SRGDYM3GILDIW5KYL7DI2CWQ/
[ovirt-devel] Re: [VDSM] Started getting virNetTLSContextCheckCertTimes:154 : The server certificate /etc/pki/vdsm/certs/vdsmcert.pem has expired
I should have known better. Deleting /etc/pki/vdsm and re-installing VDSM solved it. There is probably a smarter/simpler way to do this (delete the folder and run 'vdsm-tool configure --force'?). Thanks, Edy. On Wed, Sep 26, 2018 at 6:16 PM Edward Haas wrote: > Hi, > > I have a VM which acts as an oVirt host with VDSM installed. I use it for > testing without connecting it to Engine. > > Recently VDSM fails to come up and I see this error: > Sep 26 17:58:18 localhost libvirtd: 2018-09-26 14:58:18.978+: 12176: > error : virNetTLSContextCheckCertTimes:154 : The server certificate > /etc/pki/vdsm/certs/vdsmcert.pem has expired > > Any hint on how to generate or fetch a new certificate without the help of > Engine? > > Thanks, > Edy. > ___ Devel mailing list -- devel@ovirt.org To unsubscribe send an email to devel-le...@ovirt.org Privacy Statement: https://www.ovirt.org/site/privacy-policy/ oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/devel@ovirt.org/message/MLAYDC74DYMHS7XML7IW2E7XVOUIB4TS/