To continue the troubleshooting, I believe there is mutual SSL between
ovirt-engine and host so I think what I am missing is to put this new
cert for ovirt-engine to use it as client cert auth.
But where to put it? I noticed that generating the cert does not put it
in /etc/pki/ovirt-engine/certs although I am not sure if that is
significant or not.
I tried to manually replace the cert there named hostname.cer but it
doesn't do anything.
Where do host certs need to be stored on the ovirt-engine side?
I also updated the libvirt-migrate cert which has its own key and
different CA but that didn't make a difference.
Best regards
On 10/03/2023 05:13, cen wrote:
Hi
Our VDSM certs have expired, both hosts are unassigned and can't be
put into maintenance from UI.
vdsm-client is not working, times out even with --insecure flag. Do
host and port need to be specified when run locally or should defaults
work?
Error in console events is: Get Host Capabilities Failed: PKIX path
validation failed...
I followed a RHV guide for this exact situation and generated new vdsm
certificate using the ovirt-engine CA.
The new cert seems identical to the old one, everything matches
(algos, extensions, CA, CN, SAN etc) just new date.
After restarting libvirtd and vdsmd on the host with new cert in place
the host is still not reachable.
However, error message is now slightly different:
get Host Capabilities failed: Received fatal error: certificate_expired
Cert was replaced in the following locations:
/etc/pki/vdsm/certs/vdsmcert.pem
/etc/pki/vdsm/libvirt-spice/server-cert.pem
/etc/pki/libvirt/clientcert.pem
Is there another location missing? What else can I try?
All help appreciated in advance
_______________________________________________
Users mailing list -- users@ovirt.org
List Archives:
https://lists.ovirt.org/archives/list/users@ovirt.org/message/HLYWZLI6OZ5CEY2WDQS5E6YKYJWZQS2F/