Thanks, this put me in the correct track.
In my case, I just needed to run step 2, as the rest of the
configuration is being handled in a different way and works well. I also
tried to restart the host and it still works.
Thanks for the help!
El 2021-10-01 00:13, Edward Berger escribió:
I have an engine with a similar issue.
You might want to revert to the old self signed cert created by
installation, and then follow the instructions at
https://ovirt.org/documentation/administration_guide/index.html
to try re-installing the third party cert after you're sure the
original cert is working properly.
My temp fix for this (didn't survive an engine VM reboot) was to cat
the cert I was installing with its intermediate-root cert into
a file named full.crt and then running a command as root like...
keytool -import -trustcacerts -keystore /etc/pki/java/cacerts
-storepass changeit -alias "$YOURALIAS" -import -file full.crt
and then systemctl restart ovirt-engine #to pick up the change.
Still trying to track down what's different on this one vs others that
work.
key size is larger
cert has alternative name.
On Thu, Sep 30, 2021 at 4:47 PM Nicolás <nico...@devels.es> wrote:
Please, any help with this?
El 29/9/21 a las 13:21, nico...@devels.es escribió:
Hi,
I'm making a bare metal oVirt installation, version 4.4.8.
'ovirt-engine' command ends well, however, we're using a
third-party
certificate (from LetsEncrypt) both for the apache server and the
ovirt-websocket-proxy. So we changed configuration files regarding
httpd and ovirt-websocket-proxy.
Once changed the configurations, if I try to log in to the oVirt
engine, I get a "PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable
to
find valid certification path to requested target" error.
In prior versions we used to add the chain to the
/etc/pki/ovirt-engine/.truststore file, however, simply listing
the
current certificates seems not to be working on 4.4.8.
# LANG=C keytool -list -keystore
/etc/pki/ovirt-engine/.truststore
-alias intermedia_le -storepass mypass
keytool error: java.io.IOException: Invalid keystore format
Is there something I'm missing here?
Thank
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/5VWVBQGIWJSPWVTV5UK2I2VXBNDV6GSS/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/VKYBE6TJZFMAXX2G6GPMXIQYW7F5LABY/
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HQJS3WEZPYJV3DTI4FNNWK4FC4GFD3HV/
