<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Feb 1, 2016 at 7:10 PM, Marcelo Leandro <span dir="ltr">&lt;<a href="mailto:marceloltmm@gmail.com" target="_blank">marceloltmm@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">I copied wrong.<br>
the authorityInfoAccess is not empty.<br>
yes, i followed correctly.<br>
<br>
attached cert.conf.<br></blockquote><div><br></div><div>Ok, thanks.</div><div>But keyUsage = critical,${ENV::OVIRT_KU}</div><div>extendedKeyUsage = ${ENV::OVIRT_EKU}</div><div>still looks strage.</div><div><br></div><div>Can you please check what you had before the migration?</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
thanks<br>
<div class=""><div class="h5"><br>
<br>
<br>
2016-02-01 14:25 GMT-03:00 Simone Tiraboschi &lt;<a href="mailto:stirabos@redhat.com">stirabos@redhat.com</a>&gt;:<br>
&gt; Thanks Marcelo,<br>
&gt; unfortunately I can confirm you that it&#39;s broken: ${ENV::OVIRT_EKU} didn&#39;t<br>
&gt; get correctly replaced and authorityInfoAccess is empty.<br>
&gt; Now we need to understand why it got generated this way, maybe something<br>
&gt; went wrong in the backup and restore procedure.<br>
&gt; Did you correctly followed this?<br>
&gt; <a href="http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificates" rel="noreferrer" target="_blank">http://www.ovirt.org/User:Adrian15/oVirt_engine_migration#Restore_Certificates</a><br>
&gt;<br>
&gt; thanks,<br>
&gt; Simone<br>
&gt;<br>
&gt;<br>
&gt; On Mon, Feb 1, 2016 at 5:49 PM, Marcelo Leandro &lt;<a href="mailto:marceloltmm@gmail.com">marceloltmm@gmail.com</a>&gt;<br>
&gt; wrote:<br>
&gt;&gt;<br>
&gt;&gt; Hello simone,<br>
&gt;&gt;<br>
&gt;&gt; yes,<br>
&gt;&gt; it&#39;s here:<br>
&gt;&gt;<br>
&gt;&gt; RANDFILE = .rnd<br>
&gt;&gt;<br>
&gt;&gt; [req]<br>
&gt;&gt;<br>
&gt;&gt; default_bits = rsa:2048<br>
&gt;&gt; default_keyfile = keys/cert.pem<br>
&gt;&gt; distinguished_name = req_distinguished_name<br>
&gt;&gt; attributes = req_attributes<br>
&gt;&gt; x509_extensions = v3_ca<br>
&gt;&gt;<br>
&gt;&gt; [req_attributes]<br>
&gt;&gt;<br>
&gt;&gt; [v3_ca]<br>
&gt;&gt;<br>
&gt;&gt; subjectKeyIdentifier = hash<br>
&gt;&gt; authorityInfoAccess =<br>
&gt;&gt;<br>
&gt;&gt; caIssuers;URI:<a href="http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&amp;format=X509-PEM-CA" rel="noreferrer" target="_blank">http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&amp;format=X509-PEM-CA</a><br>
&gt;&gt; authorityKeyIdentifier = keyid:always,issuer:always<br>
&gt;&gt; basicConstraints = CA:false<br>
&gt;&gt; keyUsage = critical,digitalSignature,keyEncipherment<br>
&gt;&gt; extendedKeyUsage = critical,serverAuth,clientAuth<br>
&gt;&gt;<br>
&gt;&gt; [custom]<br>
&gt;&gt; subjectKeyIdentifier = hash<br>
&gt;&gt; authorityInfoAccess =<br>
&gt;&gt;<br>
&gt;&gt; caIssuers;URI:<a href="http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&amp;format=X509-PEM-CA" rel="noreferrer" target="_blank">http://srv-ovirt01:80/ovirt-engine/services/pki-resource?resource=ca-certificate&amp;format=X509-PEM-CA</a><br>
&gt;&gt; authorityKeyIdentifier = keyid:always,issuer:always<br>
&gt;&gt; basicConstraints = CA:false<br>
&gt;&gt; keyUsage = critical,${ENV::OVIRT_KU}<br>
&gt;&gt; extendedKeyUsage = ${ENV::OVIRT_EKU}<br>
&gt;&gt;<br>
&gt;&gt; [req_distinguished_name]<br>
&gt;&gt;<br>
&gt;&gt;<br>
&gt;&gt; Thanks.<br>
&gt;&gt;<br>
&gt;&gt; 2016-02-01 11:49 GMT-03:00 Simone Tiraboschi &lt;<a href="mailto:stirabos@redhat.com">stirabos@redhat.com</a>&gt;:<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; On Mon, Feb 1, 2016 at 3:30 PM, Marcelo Leandro &lt;<a href="mailto:marceloltmm@gmail.com">marceloltmm@gmail.com</a>&gt;<br>
&gt;&gt; &gt; wrote:<br>
&gt;&gt; &gt;&gt;<br>
&gt;&gt; &gt;&gt; ERROR: on line 27 of config file &#39;cert.conf&#39;<br>
&gt;&gt; &gt;&gt; 139871306037152:error:0E065068:configuration file<br>
&gt;&gt; &gt;&gt; routines:STR_COPY:variable has no value:conf_def.c:618:line 27<br>
&gt;&gt; &gt;&gt; Cannot sign certificate<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt;<br>
&gt;&gt; &gt; This looks strange; can you please share the content of<br>
&gt;&gt; &gt; /etc/pki/ovirt-engine/cert.conf ?<br>
&gt;<br>
&gt;<br>
</div></div></blockquote></div><br></div></div>