[ovirt-users] Re: Failed to read or parse '/etc/pki/ovirt-engine/keys/engine.p12'

2023-05-15 Thread - tineidae via Users
I remember having this issue when trying to replace my dead CentOS 8 hosted engine
onto a new physical host running CentOS 9 Stream. The issue was that RC2 is not
supported in el9, no matter what; I used openssl to convert all p12 files in
/etc/pki/ovirt-engine/keys to use AES instead.
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/BDCV2RNFODXO5HKD4RR6422FB7V7P3JF/
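
The conversion described in the message above, as an added example that is not part of the thread or of oVirt's own tooling: it lists the algorithms protecting a PKCS#12 file and re-encrypts the file with AES-256-CBC, retrying with OpenSSL 3's `-legacy` option when the default provider cannot read it. The function names and the `P12_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). The PKCS#12 password is read from the
# P12_PASS environment variable (an assumption) so it stays out of argv.

# Print the MAC and encryption algorithms of a PKCS#12 file.
# openssl writes this summary to stderr, hence 2>&1.
p12_algs() {
    openssl pkcs12 -info -noout -in "$1" -passin env:P12_PASS 2>&1 |
        grep -E '^MAC:|Encrypted data|Shrouded Keybag' || true
}

# True when any bag in the file is still protected with RC2.
p12_uses_rc2() {
    p12_algs "$1" | grep -qi 'RC2'
}

# Re-encrypt SRC into DST with AES-256-CBC and a SHA-256 MAC.
reencrypt_p12() {
    src=$1
    dst=$2
    pem=$(mktemp) || return 1        # mktemp creates the file with mode 0600
    # Default provider first; on OpenSSL 3 retry with -legacy, which loads
    # the legacy provider needed for RC2. OpenSSL 1.1.1 has no -legacy flag.
    if ! openssl pkcs12 -in "$src" -passin env:P12_PASS -nodes \
            -out "$pem" 2>/dev/null &&
       ! openssl pkcs12 -legacy -in "$src" -passin env:P12_PASS -nodes \
            -out "$pem" 2>/dev/null; then
        rm -f "$pem"
        return 1
    fi
    rc=0
    # The friendly name (alias) is not carried over; add -name if a
    # consumer looks the entry up by alias.
    openssl pkcs12 -export -in "$pem" -passout env:P12_PASS \
        -keypbe AES-256-CBC -certpbe AES-256-CBC -macalg sha256 \
        -out "$dst" || rc=$?
    rm -f "$pem"                     # the PEM held the unencrypted private key
    return $rc
}
```

Write the result to a new file, keep the original as a backup, and compare `p12_algs` output before and after.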


[ovirt-users] Re: Failed to read or parse '/etc/pki/ovirt-engine/keys/engine.p12'

2023-05-12 Thread Frank Wall

On 2023-05-12 15:34 Volenbovskyi, Konstantin wrote:

> what are 'source' and 'target' ovirt engine versions?

I was attempting to perform a direct upgrade from 4.3.x to 4.5.4 (nightly).

It was said to work properly and I've done this before already,
so I wasn't expecting trouble. :)

> Indeed, updating the key on the old engine seems like a good way forward.
> It seems that
> https://myhomelab.gr/linux/2020/01/20/replacing_ovirt_ssl.html
> and/or
> https://rhv.bradmin.org/ovirt-engine/docs/Upgrade_Guide/Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-0_remote_db.html
> will solve it for you.


Neat, I've bookmarked these guides. Very useful, thanks!

However, I found another way to make it work using the following steps:

- downgraded ovirt-engine-appliance-4.5 from version 
20230501063412.1.el9 (nightly) to 20221206125848.1.el9 (release)
- answered "YES" to the setup question "Renew engine PKI on restore if 
needed"


Due to time constraints I could not verify which of these
steps did the trick, but the upgrade was successful.

Side note: I also had to downgrade ansible-core to 2.14.1, because
version 2.14.2 led to trouble in the early stages of the
`hosted-engine --deploy` setup process (a Python error: cannot import
name 'Callable' from 'collections').



Regards
- Frank


[ovirt-users] Re: Failed to read or parse '/etc/pki/ovirt-engine/keys/engine.p12'

2023-05-12 Thread Volenbovskyi, Konstantin
Hi,
what are 'source' and 'target' ovirt engine versions?
Indeed, updating the key on the old engine seems like a good way forward.
It seems that
https://myhomelab.gr/linux/2020/01/20/replacing_ovirt_ssl.html
and/or
https://rhv.bradmin.org/ovirt-engine/docs/Upgrade_Guide/Replacing_SHA-1_Certificates_with_SHA-256_Certificates_4-0_remote_db.html
will solve it for you.


BR,
Konstantin

On 12.05.23, 12:50, "Frank Wall" <f...@moov.de> wrote:

> Hi,
>
> I was trying to restore an oVirt Engine Backup into a new Hosted Engine
> appliance (as part of an upgrade), but this failed with the following
> error:
>
> --== PKI CONFIGURATION ==--
> [WARNING] Failed to read or parse
> '/etc/pki/ovirt-engine/keys/engine.p12'
> Perhaps it was changed since last Setup.
> Error was:
> Error outputting keys and certificates
> 80EBCC44677F:error:0308010C:digital envelope
> routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global
> default library context, Algorithm (RC2-40-CBC : 0)
>
> It looks like this is related to openssl requiring legacy mode
> to use the old Engine cert/key.
>
> Is there any way to work around this? Or would it be possible
> to repackage the existing PKCS#12 file with new encryption (on
> the old Engine)?
>
> Regards
> - Frank