Can you check https://www.ovirt.org/documentation/admin-guide/appe-oVirt_and_SSL.html just in case you missed a step ?
Best Regards, Strahil Nikolov На 27 май 2020 г. 23:10:53 GMT+03:00, Stack Korora <stackkor...@disroot.org> написа: >Greetings, >I have a running oVirt install that's been working for almost 2 years. >I'm building a _completely_ new install. I mention it because it is >useful for me to compare configurations when I run into issues like >this >one. > >Right now there are three physical hosts: >1x management where I run the engine and db >2x hypervisor nodes. > >I had it up and installed and running smooth this morning on >4.3.9.4-1.el7 on Scientific Linux 7.8 (fully patched). > >I copied over our 3rd party certs from the running system and restarted >httpd. Perfect. SSL is running! >/etc/pki/ovirt-engine/apache-ca.pem >/etc/pki/ovirt-engine/certs/apache.cer >/etc/pki/ovirt-engine/keys/apache.key.nopass > >Next I used ovirt-engine-extension-aaa-ldap-setup to point to our ldap >server. I did the login and search test and both passed on the command >line! Horray! > >Then I went to the web interface... > >sun.security.validator.ValidatorException: PKIX path building failed: >sun.security.provider.certpath.SunCertPathBuilderException: unable to >find valid certification path to requested target > >I'm digging through logs and I don't see anything close to this error >except nearly the identical message in engine.log. > >ERROR [org.ovirt.engine.core.aaa.servlet.SslPostLoginServlet] (default >task-2) [] server_error: sun.security.validator.ValidatorException: >PKIX >path building failed: >sun.security.provider.certpath.SunCertPathBuilderException: unable to >find valid certification path to requested target > >I can't log in via the web at all, I only get that message (so I can't >even test out the local admin). The aaa ldap configuration it generated >is darn near perfectly identical (just a name change). The certs are >the >same. Even when I look in the keystore, the sha1 hashes are the same >between the two environments! > >After over an hour poking at this, I'm completely stumped. > >Can someone please give me a pointer on what I should try next? > >Thanks! >~Stack~ >_______________________________________________ >Users mailing list -- users@ovirt.org >To unsubscribe send an email to users-le...@ovirt.org >Privacy Statement: https://www.ovirt.org/privacy-policy.html >oVirt Code of Conduct: >https://www.ovirt.org/community/about/community-guidelines/ >List Archives: >https://lists.ovirt.org/archives/list/users@ovirt.org/message/YOR3ATLII3LYIBEYVOKTEE4RIYZGJR76/ _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/23P3SRYRF2JXPLMSRRR3H5EED4427DCG/