On Thu, Nov 24, 2016 at 1:58 PM, cmc <iuco...@gmail.com> wrote: > I ran engine-setup again, but the issue was still present. However, I found > that by using a different browser (Firefox instead of Chrome), I did not get > the error. I cleared the cookies in Chrome and the issue no longer occured. > So it may well be a browser issue.
Thanks for the report. Adding Alexander in case he wishes to check/note something. Best, > > Thanks, > > C > > On Thu, Nov 24, 2016 at 11:22 AM, cmc <iuco...@gmail.com> wrote: >> >> Interestingly, I just got this same error again after I upgraded (I >> upgraded from 4.0.4 to 4.0.5 to fix the 'internal server error' bug that was >> fixed in 4.0.5) >> >> server_error: The connection reader was unable to successfully complete >> TLS negotiation: javax.net.ssl.SSLHandshakeException: >> java.security.cert.CertificateExpiredException: NotAfter: Fri Nov 04 >> 00:19:18 GMT 2016 caused by java.security.cert.CertificateExpiredException: >> NotAfter: Fri Nov 04 00:19:18 GMT 2016 >> >> Shall I send the logs? >> >> On Thu, Nov 24, 2016 at 10:55 AM, Yedidyah Bar David <d...@redhat.com> >> wrote: >>> >>> On Thu, Nov 24, 2016 at 12:47 PM, cmc <iuco...@gmail.com> wrote: >>> > Hi Yedidyah, >>> > >>> > Attached are the setup logs, sorry for the delay. I checked all the >>> > backup >>> > certs, and the expiry dates were either in 2021 or 2026. >>> >>> Sorry, no idea. >>> >>> This means that all certs generated by engine-setup were ok. >>> >>> Not sure what caused this message. If it happens again, please >>> check the certificate's details, who issued/signed it etc. >>> >>> Best, >>> >>> > >>> > Regards, >>> > >>> > Cam >>> > >>> > On Tue, Nov 8, 2016 at 7:25 AM, Yedidyah Bar David <d...@redhat.com> >>> > wrote: >>> >> >>> >> On Mon, Nov 7, 2016 at 9:15 PM, cmc <iuco...@gmail.com> wrote: >>> >> > To reply to my own email: >>> >> > >>> >> > This is now fixed. >>> >> > >>> >> > I originally ran these steps for the upgrade: >>> >> > >>> >> > # yum install >>> >> > http://resources.ovirt.org/pub/yum-repo/ovirt-release40.rpm >>> >> > # yum update "ovirt-engine-setup*" >>> >> > # engine-setup >>> >> > >>> >> > There were no errors reported during the process. I could login as >>> >> > the >>> >> > internal user without any errors. It was just using an external >>> >> > provider, >>> >> > which made me think it was an aaa issue, so I looked >>> >> > at the certificate exported from AD which had an expiry of 2063. >>> >> > >>> >> > I tried running engine-setup again, and this fixed the issue. I have >>> >> > no >>> >> > idea >>> >> > what happened along the way, I will check the logs. I notice it >>> >> > reports: >>> >> > >>> >> > [ INFO ] Upgrading CA >>> >> >>> >> engine-setup always emits this message. You might find more details in >>> >> the >>> >> setup logs regarding what it actually did. >>> >> >>> >> > >>> >> > so it looks like it creates a cert. Why it would have created one >>> >> > with >>> >> > such >>> >> > a short expiry date is a mystery to me. >>> >> > >>> >> > Hope this helps anyone who might come across this issue >>> >> >>> >> Thanks for the report! >>> >> >>> >> Can you please share both setup logs? Thanks. >>> >> >>> >> Also, most files should be backed up by engine-setup prior to being >>> >> changed/removed. So you can check the backups. E.g.: >>> >> >>> >> # openssl x509 -in /etc/pki/ovirt-engine/ca.pem.20160120160548 -noout >>> >> -enddate >>> >> notAfter=May 22 07:32:23 2025 GMT >>> >> # openssl x509 -in /etc/pki/ovirt-engine/ca.pem -noout -enddate >>> >> notAfter=Mar 6 09:46:44 2026 GMT >>> >> >>> >> Or, >>> >> >>> >> find /etc/pki/ovirt-engine -name "*.cer*" -o -name "*.pem*" | while >>> >> read file; do echo $file $(openssl x509 -in $file -noout -enddate); >>> >> done >>> >> >>> >> Best, >>> >> -- >>> >> Didi >>> > >>> > >>> >>> >>> >>> -- >>> Didi >> >> > -- Didi _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
