Interestingly, I just got this same error again after I upgraded (I upgraded from 4.0.4 to 4.0.5 to fix the 'internal server error' bug that was fixed in 4.0.5)
server_error: The connection reader was unable to successfully complete TLS negotiation: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExpiredException: NotAfter: Fri Nov 04 00:19:18 GMT 2016 caused by java.security.cert.CertificateExpiredException: NotAfter: Fri Nov 04 00:19:18 GMT 2016 Shall I send the logs? On Thu, Nov 24, 2016 at 10:55 AM, Yedidyah Bar David <d...@redhat.com> wrote: > On Thu, Nov 24, 2016 at 12:47 PM, cmc <iuco...@gmail.com> wrote: > > Hi Yedidyah, > > > > Attached are the setup logs, sorry for the delay. I checked all the > backup > > certs, and the expiry dates were either in 2021 or 2026. > > Sorry, no idea. > > This means that all certs generated by engine-setup were ok. > > Not sure what caused this message. If it happens again, please > check the certificate's details, who issued/signed it etc. > > Best, > > > > > Regards, > > > > Cam > > > > On Tue, Nov 8, 2016 at 7:25 AM, Yedidyah Bar David <d...@redhat.com> > wrote: > >> > >> On Mon, Nov 7, 2016 at 9:15 PM, cmc <iuco...@gmail.com> wrote: > >> > To reply to my own email: > >> > > >> > This is now fixed. > >> > > >> > I originally ran these steps for the upgrade: > >> > > >> > # yum install > >> > http://resources.ovirt.org/pub/yum-repo/ovirt-release40.rpm > >> > # yum update "ovirt-engine-setup*" > >> > # engine-setup > >> > > >> > There were no errors reported during the process. I could login as the > >> > internal user without any errors. It was just using an external > >> > provider, > >> > which made me think it was an aaa issue, so I looked > >> > at the certificate exported from AD which had an expiry of 2063. > >> > > >> > I tried running engine-setup again, and this fixed the issue. I have > no > >> > idea > >> > what happened along the way, I will check the logs. I notice it > reports: > >> > > >> > [ INFO ] Upgrading CA > >> > >> engine-setup always emits this message. You might find more details in > the > >> setup logs regarding what it actually did. > >> > >> > > >> > so it looks like it creates a cert. Why it would have created one with > >> > such > >> > a short expiry date is a mystery to me. > >> > > >> > Hope this helps anyone who might come across this issue > >> > >> Thanks for the report! > >> > >> Can you please share both setup logs? Thanks. > >> > >> Also, most files should be backed up by engine-setup prior to being > >> changed/removed. So you can check the backups. E.g.: > >> > >> # openssl x509 -in /etc/pki/ovirt-engine/ca.pem.20160120160548 -noout > >> -enddate > >> notAfter=May 22 07:32:23 2025 GMT > >> # openssl x509 -in /etc/pki/ovirt-engine/ca.pem -noout -enddate > >> notAfter=Mar 6 09:46:44 2026 GMT > >> > >> Or, > >> > >> find /etc/pki/ovirt-engine -name "*.cer*" -o -name "*.pem*" | while > >> read file; do echo $file $(openssl x509 -in $file -noout -enddate); > >> done > >> > >> Best, > >> -- > >> Didi > > > > > > > > -- > Didi >
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
