[ovirt-users] SSLHandshakeException: Received fatal alert: certificate_expired

Neil nwilson123 at gmail.com
Thu Sep 21 14:31:05 UTC 2017 

Hi Piotr,

Thank you for the reply. After sending the email I did go and check the
engine one too....

[root at engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/ca.pem -enddate
-noout
notAfter=Oct 13 16:26:46 2022 GMT

I'm not sure if this one below is meant to verify or if this output is
expected?

[root at engine01 /]# openssl x509 -in /etc/pki/ovirt-engine/private/ca.pem
-enddate -noout
unable to load certificate
140642165552968:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE

My date is correct too Thu Sep 21 16:30:15 SAST 2017

Any ideas?

Googling surprisingly doesn't come up with much.

Thank you.

Regards.

Neil Wilson.

On Thu, Sep 21, 2017 at 4:16 PM, Piotr Kliczewski <
piotr.kliczewski at gmail.com> wrote:

> Neil,
>
> You checked both nodes what about the engine? Can you check engine certs?
> You can find more info where they are located here [1].
>
> Thanks,
> Piotr
>
> [1] https://www.ovirt.org/develop/release-management/features/
> infra/pki/#ovirt-engine
>
> On Thu, Sep 21, 2017 at 3:26 PM, Neil <nwilson123 at gmail.com> wrote:
> > Hi guys,
> >
> > Please could someone assist, my cluster is down and I can't access my
> vm's
> > to switch some of them back on.
> >
> > I'm seeing the following error in the engine.log however I've checked my
> > certs on my hosts (as some of the goolge results said to check), but the
> > certs haven't expired...
> >
> >
> > 2017-09-21 15:09:45,077 ERROR
> > [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesVDSCommand]
> > (DefaultQuartzScheduler_Worker-4) Command GetCapabilitiesVDSCommand(
> HostName
> > = node02.mydomain.za, HostId = d2debdfe-76e7-40cf-a7fd-78a0f50f14d4,
> > vds=Host[node02.mydomain.za]) execution failed. Exception:
> > VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal
> > alert: certificate_expired
> > 2017-09-21 15:09:45,086 ERROR
> > [org.ovirt.engine.core.vdsbroker.vdsbroker.GetCapabilitiesVDSCommand]
> > (DefaultQuartzScheduler_Worker-10) Command
> > GetCapabilitiesVDSCommand(HostName = node01.mydomain.za, HostId =
> > b108549c-1700-11e2-b936-9f5243b8ce13, vds=Host[node01.mydomain.za])
> > execution failed. Exception: VDSNetworkException:
> > javax.net.ssl.SSLHandshakeException: Received fatal alert:
> > certificate_expired
> > 2017-09-21 15:09:48,173 ERROR
> >
> > My engine and host info is below...
> >
> > [root at engine01 ovirt-engine]# rpm -qa | grep -i ovirt
> > ovirt-engine-lib-3.4.0-1.el6.noarch
> > ovirt-engine-restapi-3.4.0-1.el6.noarch
> > ovirt-engine-setup-plugin-ovirt-engine-3.4.0-1.el6.noarch
> > ovirt-engine-3.4.0-1.el6.noarch
> > ovirt-engine-setup-plugin-websocket-proxy-3.4.0-1.el6.noarch
> > ovirt-host-deploy-java-1.2.0-1.el6.noarch
> > ovirt-engine-setup-3.4.0-1.el6.noarch
> > ovirt-host-deploy-1.2.0-1.el6.noarch
> > ovirt-engine-backend-3.4.0-1.el6.noarch
> > ovirt-image-uploader-3.4.0-1.el6.noarch
> > ovirt-engine-tools-3.4.0-1.el6.noarch
> > ovirt-engine-sdk-python-3.4.0.7-1.el6.noarch
> > ovirt-engine-webadmin-portal-3.4.0-1.el6.noarch
> > ovirt-engine-cli-3.4.0.5-1.el6.noarch
> > ovirt-engine-setup-base-3.4.0-1.el6.noarch
> > ovirt-iso-uploader-3.4.0-1.el6.noarch
> > ovirt-engine-userportal-3.4.0-1.el6.noarch
> > ovirt-log-collector-3.4.1-1.el6.noarch
> > ovirt-engine-websocket-proxy-3.4.0-1.el6.noarch
> > ovirt-engine-setup-plugin-ovirt-engine-common-3.4.0-1.el6.noarch
> > ovirt-engine-dbscripts-3.4.0-1.el6.noarch
> > [root at engine01 ovirt-engine]# cat /etc/redhat-release
> > CentOS release 6.5 (Final)
> >
> >
> > [root at node02 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem
> -enddate
> > -noout ; date
> > notAfter=May 27 08:36:17 2019 GMT
> > Thu Sep 21 15:18:22 SAST 2017
> > CentOS release 6.5 (Final)
> > [root at node02 ~]# rpm -qa | grep vdsm
> > vdsm-4.14.6-0.el6.x86_64
> > vdsm-python-4.14.6-0.el6.x86_64
> > vdsm-cli-4.14.6-0.el6.noarch
> > vdsm-xmlrpc-4.14.6-0.el6.noarch
> > vdsm-python-zombiereaper-4.14.6-0.el6.noarch
> >
> >
> > [root at node01 ~]# openssl x509 -in /etc/pki/vdsm/certs/vdsmcert.pem
> -enddate
> > -noout ; date
> > notAfter=Jun 13 16:09:41 2018 GMT
> > Thu Sep 21 15:18:52 SAST 2017
> > CentOS release 6.5 (Final)
> > [root at node01 ~]# rpm -qa | grep -i vdsm
> > vdsm-4.14.6-0.el6.x86_64
> > vdsm-xmlrpc-4.14.6-0.el6.noarch
> > vdsm-cli-4.14.6-0.el6.noarch
> > vdsm-python-zombiereaper-4.14.6-0.el6.noarch
> > vdsm-python-4.14.6-0.el6.x86_64
> >
> > Please could I have some assistance, I'm rater desperate.
> >
> > Thank you.
> >
> > Regards.
> >
> > Neil Wilson
> >
> >
> >
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20170921/2150caad/attachment.html>

More information about the Users mailing list