Hello I have oVirt cluster with 25 hypervisors that has been running fine for a couple of years and today all of a sudden engine was getting ssl errors talking to the hypervisors. Error in engine.log is:
2022-10-10 16:20:23,562-05 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-47) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: Received fatal alert: unknown_ca Certificates don't seem expired and I ran the command: openssl x509 -noout -in /etc/pki/ovirt-engine/ca.pem -fingerprint openssl x509 -noout -in /etc/pki/vdsm/certs/cacert.pem -fingerprint # openssl x509 -noout -in /etc/pki/vdsm/libvirt-spice/ca-cert.pem -fingerprint # openssl x509 -noout -in /etc/pki/vdsm/libvirt-vnc/ca-cert.pem -fingerprint # openssl x509 -noout -in /etc/pki/CA/cacert.pem -fingerprint Those commands show that the fingerprints are the same. openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/engine.cer # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/apache.cer # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/websocket-proxy.cer # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/jboss.cer # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/imageio-proxy.cer # openssl verify -CAfile /etc/pki/ovirt-engine/ca.pem /etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer These verification commands come back as OK. I am having trouble finding my problem. Does anyone have any suggestions? I am not finding any hits on google and unknown_ca. Also the vdsm log on hypervisors has this: 2022-10-10 15:54:42,843-0500 ERROR (Reactor thread) [ProtocolDetector.SSLHandshakeDispatcher] ssl handshake: SSLError, address: ::ffff:192.168.50.26 (sslutils:263) Thanks Don
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/OQMJ6FOO3YZW4XIOIDYO235KKGKLCH67/