[ovirt-users] Cannot install new host on 4.0, Certificate enrollment failed

Matt . yamakasi.014 at gmail.com
Wed Jul 20 10:30:31 UTC 2016


Hi,

I found out late yesterday that I was looking in the certs folder for the
serial; this was the issue, all files are there.

I need to test a shorter fqdn, which is a pity, but I wonder why it
should be too long for a cert create.



2016-07-20 10:14 GMT+02:00 Juan Hernández <jhernand at redhat.com>:
> On 07/19/2016 07:59 PM, Matt . wrote:
>> Hi,
>>
>> Thanks for the heads up, I saw this in some thread too and this file
>> was available here with the upcoming number.
>>
>> Which rights does the file have?
>>
>> I don't have a ca.pem in that cert folder anymore can that be an issue?
>>
>
> In theory the ca.pem isn't needed to sign certificates, but the fact
> that it isn't in that directory probably means that something has been
> incorrectly manipulated, either manually or by the system itself. These
> are the files/permissions from a working environment:
>
> lrwxrwxrwx. 1 root  root    28 Jul  8 11:34 apache-ca.pem -> /etc/pki/ovirt-engine/ca.pem
> -rw-r--r--. 1 root  root   384 Jul  8 11:34 cacert.conf
> -rw-r--r--. 1 root  root   384 Jul  8 11:34 cacert.template
> -rw-r--r--. 1 root  root   384 Jul 18 20:46 cacert.template.in
> -rw-r--r--. 1 root  root  4587 Jul  8 11:34 ca.pem
> -rw-r--r--. 1 root  root   923 Jul  8 11:34 cert.conf
> drwxr-xr-x. 2 ovirt ovirt 4096 Jul 18 20:46 certs
> -rw-r--r--. 1 root  root   923 Jul  8 11:34 cert.template
> -rw-r--r--. 1 root  root   717 Jul 18 20:46 cert.template.in
> -rw-r--r--. 1 ovirt ovirt  667 Jul  8 11:42 database.txt
> -rw-r--r--. 1 ovirt ovirt   20 Jul  8 11:42 database.txt.attr
> -rw-r--r--. 1 ovirt ovirt   20 Jul  8 11:42 database.txt.attr.old
> -rw-r--r--. 1 ovirt ovirt  599 Jul  8 11:42 database.txt.old
> drwxr-xr-x. 2 root  root  4096 Jul 18 20:46 keys
> -rw-r--r--. 1 root  root   548 Jul 18 20:46 openssl.conf
> drwxr-x---. 2 ovirt ovirt   19 Jul 18 20:46 private
> drwxr-xr-x. 2 ovirt ovirt 4096 Jul 18 20:46 requests
> -rw-r--r--. 1 ovirt ovirt    5 Jul  8 11:42 serial.txt
> -rw-r--r--. 1 ovirt ovirt    5 Jul  8 11:42 serial.txt.old
>
>>
>>
>> 2016-07-19 19:08 GMT+02:00 Juan Hernández <jhernand at redhat.com>:
>>> On 07/19/2016 06:16 PM, Matt . wrote:
>>>> Can anyone confirm what max. number of subdomains can be used for a
>>>> certificate ?
>>>>
>>>> The length of 65 per subdomain should be default.
>>>>
>>>> 2016-07-19 15:06 GMT+02:00 Matt . <yamakasi.014 at gmail.com>:
>>>>> It's the fqdn indeed, not its hostname.
>>>>>
>>>>> Fqdn should be possible I thought as discussed before in the channel
>>>>> (a while ago).
>>>>>
>>>>> 2016-07-19 15:04 GMT+02:00 Yaniv Kaul <ykaul at redhat.com>:
>>>>>>
>>>>>> On Tue, Jul 19, 2016 at 3:43 PM, Matt . <yamakasi.014 at gmail.com> wrote:
>>>>>>>
>>>>>>>
>>>>>>> kvm-01.hosts.services-01.clusters.mycluster-01.dc.ovirt.subdomain.dc-01.dc.my.network
>>>>>>
>>>>>>
>>>>>> Is this the name of the host? perhaps it's a bit too long?
>>>>>> Y.
>>>
>>> Not sure if this is relevant, but I had the same problem today, and the
>>> cause was that the /etc/pki/ovirt-engine/serial.txt file was empty, and
>>> openssl refused to open it. I wrote manually a number inside, taking the
>>> value from /etc/pki/ovirt-engine/serial.txt.old (plus one), and then
>>> things started to work.
>>>
>>> --
>>> Business Address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
>>> 3ºD, 28016 Madrid, Spain
>>> Registered in the Madrid Commercial Registry – C.I.F. B82657941 - Red Hat S.L.
>
>
> --
> Business Address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta
> 3ºD, 28016 Madrid, Spain
> Registered in the Madrid Commercial Registry – C.I.F. B82657941 - Red Hat S.L.
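
Added example, not part of the original thread and not oVirt's own code: read-only checks for the two causes raised above, an empty serial file for openssl and a host FQDN longer than the 64-character commonName bound in RFC 5280. The function names are hypothetical, the files are constructed in a temp directory, and it is an assumption that the host FQDN ends up as the certificate CN.

```shell
#!/usr/bin/env bash
# Added example: nothing under /etc/pki/ovirt-engine is read or written here.

CN_MAX=64  # RFC 5280 upper bound for commonName (ub-common-name)

# Print the state of an `openssl ca` serial file: OK, MISSING, EMPTY or NOT_HEX.
serial_status() {
    local file=$1 value
    [ -e "$file" ] || { echo MISSING; return 1; }
    value=$(tr -d '[:space:]' < "$file")
    [ -n "$value" ] || { echo EMPTY; return 1; }
    case $value in
        *[!0-9A-Fa-f]*) echo NOT_HEX; return 1 ;;
    esac
    echo OK
}

# Print the serial following the one stored in FILE (hex, same width): the
# "value from serial.txt.old plus one" repair described in the thread.
# Assumes the serial fits in shell arithmetic, true for short serials.
next_serial() {
    local value
    value=$(tr -d '[:space:]' < "$1")
    printf '%0*X\n' "${#value}" "$((0x$value + 1))"
}

# Succeed only if NAME fits in a certificate commonName.
# Assumption: the host FQDN is used as the CN of the enrolled certificate.
cn_fits() {
    [ "${#1}" -le "$CN_MAX" ]
}

# Demo on constructed sample files.
demo() {
    local dir fqdn
    dir=$(mktemp -d)
    : > "$dir/serial.txt"               # constructed: empty serial file
    echo 1009 > "$dir/serial.txt.old"   # constructed sample serial
    echo "serial.txt:     $(serial_status "$dir/serial.txt")"
    echo "suggested next: $(next_serial "$dir/serial.txt.old")"
    fqdn=kvm-01.hosts.services-01.clusters.mycluster-01.dc.ovirt.subdomain.dc-01.dc.my.network
    cn_fits "$fqdn" || echo "FQDN is ${#fqdn} chars, over the $CN_MAX-char CN limit"
    rm -rf "$dir"
}

demo
```

On a real engine, back up serial.txt before writing the suggested value into it, and keep the owner and mode shown in the listing above.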


