[ovirt-users] Ovirt 4.4.7, can't renew certificate of ovirt engine (certificates expired)

Mon, 29 Aug 2022 10:32:59 -0700 

Hi Team,

I'm looking for your help since I didn't find any clear documentation. Is there 
somewhere in ovirt website a clear documentation about how to renew the engine 
certificates located in /etc/pki/ovirt-engine/certs/

We have an engine GUI not working, showing error message "PKIX path validation 
failed: java.security.cert.CertPathValidatorException: validity check failed".

After checking, all the cert in /etc/pki/ovirt-engine/certs/ are expired.

I didn't find a clear documentation on ovirt website, or even on redhat website 
(it was always about host but not the engine)

Anyway I've read that the renew process can be done via "engine-setup 
--offline", but when I try it, it generates this error:

          --== PKI CONFIGURATION ==--

[ ERROR ] Failed to execute stage 'Environment customization': Unable to load 
certificate. See 
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more 
details.

and in log file:

 File 
"/usr/lib64/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py",
 line 1371, in load_pem_x509_certificate
    "Unable to load certificate. See https://cryptography.io/en/la";
ValueError: Unable to load certificate. See 
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more 
details.
2022-08-29 19:16:29,502+0200 ERROR otopi.context context._executeMethod:154 
Failed to execute stage 'Environment customization': Unable to load 
certificate. See 
https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more 
details.

I've also tried the manual procedure (using 
/usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh)  mentioned in 
https://users.ovirt.narkive.com/4ugjgicE/ovirt-regenerating-new-ssl-certificates-for-ovirt-engine
 (message from Alon Bar-Lev), but the 4th command always says I enter a wrogn 
apssword, but it's not.

we are blocked here and we can't use our ovirt cluster, so it's pretty blocking.

Thx a lot in advance
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
https://www.ovirt.org/community/about/community-guidelines/
List Archives: 
https://lists.ovirt.org/archives/list/users@ovirt.org/message/RYHJ4XJAYCAN3KVT7BJOGRUU6JEZTXCF/

Reply via email to