Hi, You may need to import the new certificate to the browser.
Regards, Lucia On Wed, Dec 21, 2022 at 11:42 AM <dvx.mel...@gmail.com> wrote: > Hello everyone, > > Context : > oVirt 4.4.9.3-1.el8 > glusterfs 8.6 > Self-hosted engine > > Problem: > Since I update my certificates (with engine-setup) because of the warning > that my certs will expire soon, I can't open the noVNC console anymore. > > In the logs on engine, I have these : > in /var/log/messages : > ovsdb-server[510110]: > ovs|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: receive error: > Protocol error > ovsdb-server[510110]: > ovs|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: connection dropped > (Protocol error) > journal[516217]: 2022-12-21 11:31:27,800+0100 ovirt-websocket-proxy: INFO > msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 > alert certificate unknown (_ssl.c:897) > ovirt-websocket-proxy.py[509812]: ovirt-websocket-proxy[516217] INFO > msg:871 handler exception: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] sslv3 > alert certificate unknown (_ssl.c:897) > ovsdb-server[510110]: ovs|04632|stream_ssl|WARN|SSL_accept: > error:1417C086:SSL routines:tls_process_client_certificate:certificate > verify failed > > in /var/log/openvswitch/ovsdb-server-sb.log : > 2022-12-21T10:31:22.540Z|04626|stream_ssl|WARN|SSL_accept: > error:1417C086:SSL routines:tls_process_client_certificate:certificate > verify failed > 2022-12-21T10:31:22.541Z|04627|jsonrpc|WARN|Dropped 1 log messages in last > 8 seconds (most recently, 8 seconds ago) due to excessive rate > 2022-12-21T10:31:22.541Z|04628|jsonrpc|WARN|ssl:[::ffff:<ip_node_1>]:51214: > receive error: Protocol error > 2022-12-21T10:31:22.542Z|04629|reconnect|WARN|ssl:[::ffff:<ip_node_1>]:51214: > connection dropped (Protocol error) > > I've tried these commands (found here : > https://access.redhat.com/solutions/6877501) : > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh > --name="ovirt-provider-ovn" --password=mypass --subject="<subject_engine>" > --keep-key > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-ndb" > --password=mypass --subject="<subject_engine>" --keep-key > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh --name="ovn-sdb" > --password=mypass --subject="<subject_engine>" --keep-key > systemctl restart ovirt-provider-ovn.service > systemctl restart ovn-northd.service > > Still not work, so I've seen that some certificates was still not renewed > : > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh > --name="vmconsole-proxy-helper" --password=mypass > --subject="<subject_engine>" --keep-key > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh > --name="vmconsole-proxy-host" --password=mypass > --subject="<subject_engine>" --keep-key > /usr/share/ovirt-engine/bin/pki-enroll-pkcs12.sh > --name="vmconsole-proxy-user" --password=mypass > --subject="<subject_engine>" --keep-key > And restart every ovirt services. > > But it still does not work better. > > I don't see any other unvalid certificates in > /etc/pki/ovirt-engine/certs/, so I don't know which certificate is invalid > for ovsdb. > > Thanks for any advice. > Best regards, > > Michael > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/MD2TXPGRX4V5EIDNVMDXWU2NCCISN5BQ/ >
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/K2OQ2LSHBTHC6MIKO4AJBABBWRA5WWP7/
