On 25/06/2019 14:26, Stefano Danzi wrote:

I don't remember ever seeing a question about this during engine-setup,
but it could be.
In /etc/pki/vdsm/certs/ I can see an old cert and CA with subject:

[root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/cacert.pem.20150205093608 -text'
Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number: 1423056193 (0x54d21d41)
      Signature Algorithm: sha256WithRSAEncryption
          Issuer: CN=VDSM Certificate Authority
          Validity
              Not Before: Feb  4 13:23:13 2015 GMT
              Not After : Feb  4 13:23:13 2016 GMT
          Subject: CN=VDSM Certificate Authority
          Subject Public Key Info:

[CUT]

[root@ovirt01 ~]# su - vdsm -s /bin/bash -c 'openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem.20150205093609 -text'
Certificate:
      Data:
          Version: 3 (0x2)
          Serial Number: 1423056193 (0x54d21d41)
      Signature Algorithm: sha256WithRSAEncryption
          Issuer: CN=VDSM Certificate Authority
          Validity
              Not Before: Feb  4 13:23:13 2015 GMT
              Not After : Feb  4 13:23:13 2016 GMT
          Subject: CN=ovirt01.hawai.lan, O=VDSM Certificate
          Subject Public Key Info:
              Public Key Algorithm: rsaEncryption


I think those were certs made during the first hosted engine installation.
Could it work if I manually create certs like this?
Just to start libvirtd, vdsm and hosted-engine.

I think it's worth a try. Just create a self-signed CA, a keypair
signed by it, and place them correctly, should work.

The engine won't be able to talk with the host, but you can then more
easily reinstall/re-enroll-certs.

Good luck,

This workaround works!
I have the hosted engine running!

So I have to find out how to reinstall/re-enroll-certs on the host. From the engine UI the host status is "NonResponsive" and I can't do anything....

Status:

Now the host status is "Unassigned". The engine can't reach the host due to "General SSLEngine problem", and it's OK because the certs are "home made".
I can't switch the host to maintenance because it's not operational.
I can't enroll the certificate because it is not in maintenance status.

How can I enroll the host cert manually?
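
The workaround suggested in this thread (a self-signed CA plus a host key pair signed by it), sketched as an added example that is not part of the original messages. It writes to a scratch directory only; the output file names, key size and 30-day lifetime are assumptions, and the subjects mirror the old certificates quoted above.

```shell
# Added example: throwaway CA + host certificate in a scratch directory.
# Subjects mirror the old certificates quoted in the thread; file names,
# key size and lifetime are assumptions. Nothing under /etc/pki is touched.

make_temp_pki() {   # $1 = output directory, $2 = host FQDN
    out=$1; fqdn=$2
    mkdir -p "$out" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$out/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1. Self-signed CA certificate and key.
    openssl req -x509 -config "$out/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -days 30 -subj "/CN=VDSM Certificate Authority" \
        -keyout "$out/cakey.pem" -out "$out/cacert.pem" || return 1
    # 2. Host key pair and certificate signing request.
    openssl req -new -config "$out/ca.cnf" -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=$fqdn/O=VDSM Certificate" \
        -keyout "$out/vdsmkey.pem" -out "$out/vdsm.csr" || return 1
    # 3. Host certificate signed by the CA from step 1.
    openssl x509 -req -in "$out/vdsm.csr" -sha256 -days 30 -set_serial 2 \
        -CA "$out/cacert.pem" -CAkey "$out/cakey.pem" \
        -out "$out/vdsmcert.pem" || return 1
    chmod 600 "$out/cakey.pem" "$out/vdsmkey.pem"
}

check_temp_pki() {  # $1 = directory written by make_temp_pki
    # The host certificate must chain to the CA ...
    openssl verify -CAfile "$1/cacert.pem" "$1/vdsmcert.pem" >/dev/null || return 1
    # ... and the private key must match the certificate's public key.
    cert_pub=$(openssl x509 -in "$1/vdsmcert.pem" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$1/vdsmkey.pem" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Usage: make_temp_pki ./tmp-pki ovirt01.hawai.lan && check_temp_pki ./tmp-pki
```

Because this CA is unknown to the engine, the engine will still reject the host's certificate, which matches the "General SSLEngine problem" reported above.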

