<div dir="ltr"><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">How can I regenerate the ovirt engine CA certs and corresponding vdsm certs? I have an ovirt setup that I’m upgrading from 3.2.0 (from the dre repos) to 3.2.3 and I am getting the certificate errors listed below after the upgrade. I have done this same upgrade on an number of other ovirt-engines with no issue. The setup had originally been installed with ovirt 3.1 so it possible that some of the certificate configurations from 3.1 are still present on this ovirt-engine and it is contributing to the problem. For example, I noticed that the /etc/pki/ovirt-engine/cacert.conf file on this troublesome upgrade has “default_bits = rsa:1024”, but the systems that upgraded successfully have “default_bits = rsa:2048”. The same is true for the cert.conf file.<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Engine.log<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">2014-03-10 17:10:28,954 ERROR [org.ovirt.engine.core.vdsbroker.VdsUpdateRunTimeInfo] (DefaultQuartzScheduler_Worker-2) vds::refreshVdsStats Failed getVdsStats, vds = a7459d21-b5a6-4330-9897-f2018c9a1776 : vm1, error = VDSNetworkException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"><u></u> <u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Vdsm.log<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">BindingXMLRPC::ERROR::2014-03-10 20:58:00,871::SecureXMLRPCServer::97::root::(verify) invalid client certificate with subject "/C=US/O=<a href="http://example.com/CN=CA-ovirt1.example.com.30758" target="_blank">example.com/CN=CA-ovirt1.example.com.30758</a>"<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">BindingXMLRPC::ERROR::2014-03-10 20:58:00,872::BindingXMLRPC::72::vds::(threaded_start) xml-rpc handler exception<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">Traceback (most recent call last):<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">
File "/usr/share/vdsm/BindingXMLRPC.py", line 68, in threaded_start<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> self.server.handle_request()<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> File "/usr/lib64/python2.6/SocketServer.py", line 268, in handle_request<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">
self._handle_request_noblock()<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> File "/usr/lib64/python2.6/SocketServer.py", line 278, in _handle_request_noblock<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> request, client_address = self.get_request()<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">
File "/usr/lib64/python2.6/SocketServer.py", line 446, in get_request<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> return self.socket.accept()<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> File "/usr/lib64/python2.6/site-packages/vdsm/SecureXMLRPCServer.py", line 116, in accept<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">
client, address = self.connection.accept()<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 167, in accept<u></u><u></u></p>
<p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif"> ssl.accept_ssl()<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">
File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 156, in accept_ssl<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">
return m2.ssl_accept(self.ssl, self._timeout)<u></u><u></u></p><p class="MsoNormal" style="margin:0in 0in 0.0001pt;font-size:11pt;font-family:Calibri,sans-serif">SSLError: no certificate returned</p></div>