Hello everyone, Context : oVirt 4.4.9.3-1.el8 glusterfs 8.6 Self-hosted engine
Problem: Since I update my certificates (with engine-setup) because of the warning that my certs will expire soon, I can't open the noVNC console anymore. In the logs on engine, I have these : in /var/log/messages : ovsdb-server[510110]: ovs|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: Protocol error ovsdb-server[510110]: ovs|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped (Protocol error) journal[516217]: 2022-12-21 11:31:27,800+0100 ovirt-websocket-proxy: INFO msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:897) ovirt-websocket-proxy.py[509812]: ovirt-websocket-proxy[516217] INFO msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 alert certificate unknown (_ssl.c:897) ovsdb-server[510110]: ovs|04632|stream_ssl|WARN|SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed in /var/log/openvswitch/ovsdb-server-sb.log : 2022-12-21T10:31:22.540Z|04626|stream_ssl|WARN|SSL_accept: error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed 2022-12-21T10:31:22.541Z|04627|jsonrpc|WARN|Dropped 1 log messages in last 8 seconds (most recently, 8 seconds ago) due to excessive rate 2022-12-21T10:31:22.541Z|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: Protocol error 2022-12-21T10:31:22.542Z|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped (Protocol error) I've tried these commands (found here : https://access.redhat.com/solutions/6877501) : /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovirt-provider-ovn" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-ndb" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-sdb" --password=mypass --subject="<subject_engine>" --keep-key systemctl restart ovirt-provider-ovn.service systemctl restart ovn-northd.service Still not work, so I've seen that some certificates was still not renewed : /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-helper" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-host" --password=mypass --subject="<subject_engine>" --keep-key /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="vmconsole-proxy-user" --password=mypass --subject="<subject_engine>" --keep-key And restart every ovirt services. But it still does not work better. I don't see any other unvalid certificates in /etc/pki/ovirt-engine/certs/, so I don't know which certificate is invalid for ovsdb. Thanks for any advice. Best regards, Michael _______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/MD2TXPGRX4V5EIDNVMDXWU2NCCISN5BQ/
