Re: [ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-28 Thread Martin Perina
On Mon, Jun 27, 2016 at 1:16 AM, Matt Haught wrote: > On Fri, Jun 24, 2016 at 2:58 PM, Martin Perina wrote: > > > > > > This is not a correct solution although it's working for now. Correct > steps are described at [1]. > > > > Thanks > > > > Martin Perina > > > > [1] https://bugzilla.redhat.com

Re: [ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-26 Thread Matt Haught
On Fri, Jun 24, 2016 at 2:58 PM, Martin Perina wrote: > > > This is not a correct solution although it's working for now. Correct steps > are described at [1]. > > Thanks > > Martin Perina > > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1336838 > So I followed the bug report and put my CA ce

Re: [ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-24 Thread Martin Perina
On Fri, Jun 24, 2016 at 7:43 PM, Scott wrote: > You need to import your intermediate certificate and possibly your CA > certificate into the ovirt-engine keystore. This is the command I used: > > sudo keytool -importcert -trustcacerts -keystore > /etc/pki/ovirt-engine/.truststore -storepass mypa

Re: [ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-24 Thread Martin Perina
Hi, if you are using HTTPS certificate signed by custom CA, manual action is required after upgrade to 4.0 due to introduction of oVirt engine SSO feature. More info about the manual steps can be found at [1]. Thanks Martin Perina [1] https://bugzilla.redhat.com/show_bug.cgi?id=1336838 On Fri

Re: [ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-24 Thread Scott
You need to import your intermediate certificate and possibly your CA certificate into the ovirt-engine keystore. This is the command I used: sudo keytool -importcert -trustcacerts -keystore /etc/pki/ovirt-engine/.truststore -storepass mypass -file /etc/pki/tls/certs/startcom.class1.server.ca.pem

Re: [ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-24 Thread Matt Haught
So I switched back to the original self-signed certs that I had luckily saved and was able to get in without error. Is there a new process for using non-self-signed certs with ovirt 4.0? Thanks, -- Matt Haught On Fri, Jun 24, 2016 at 11:19 AM, Matt Haught wrote: > I just attempted an upgrade fr

[ovirt-users] 3.6 to 4.0 upgrade cert issue

2016-06-24 Thread Matt Haught
I just attempted an upgrade from 3.6 to 4.0 hosted engine and ran into an problem. The hosted engine vm updated without issue, but when I go to login to the web interface to continue the process I get: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.cert