<div dir="ltr"><div class="gmail_default" style="font-family:arial,helvetica,sans-serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Jun 24, 2016 at 7:43 PM, Scott <span dir="ltr"><<a href="mailto:romracer@gmail.com" target="_blank">romracer@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">You need to import your intermediate certificate and possibly your CA certificate into the ovirt-engine keystore. This is the command I used:<div><br></div><div>sudo keytool -importcert -trustcacerts -keystore /etc/pki/ovirt-engine/.truststore -storepass mypass -file /etc/pki/tls/certs/startcom.class1.server.ca.pem<br></div><div><br></div><div>The password is actually "mypass".</div></div></blockquote><div><br><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">This is not a correct solution although it's working for now. Correct steps are described at [1].<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Thanks<br><br></div><div class="gmail_default" style="font-family:arial,helvetica,sans-serif;display:inline">Martin Perina<br><br>[1] <a href="https://bugzilla.redhat.com/show_bug.cgi?id=1336838">https://bugzilla.redhat.com/show_bug.cgi?id=1336838</a><br></div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><br></div><div>Scott</div></div><br><div class="gmail_quote"><div dir="ltr">On Fri, Jun 24, 2016 at 11:33 AM Matt Haught <<a href="mailto:dmhaught@ncsu.edu" target="_blank">dmhaught@ncsu.edu</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">So I switched back to the original self-signed certs that I had luckily saved and was able to get in without error. Is there a new process for using non-self-signed certs with ovirt 4.0?<br><div class="gmail_extra"><br clear="all"><div><div data-smartmail="gmail_signature">Thanks,</div><div data-smartmail="gmail_signature">--<br>Matt Haught<br></div></div></div></div><div dir="ltr"><div class="gmail_extra">
<br><div class="gmail_quote">On Fri, Jun 24, 2016 at 11:19 AM, Matt Haught <span dir="ltr"><<a href="mailto:dmhaught@ncsu.edu" target="_blank">dmhaught@ncsu.edu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I just attempted an upgrade from 3.6 to 4.0 hosted engine and ran into an problem. The hosted engine vm updated without issue, but when I go to login to the web interface to continue the process I get:<div><br></div><div>sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target</div><div><br></div><div>at every page load and I can't login. I have a feeling that the issue comes from where I replaced the self-signed certs with trusted ca signed certs a year ago. Is there a work around?</div><div><br></div><div>CentOS 7.2</div><div><br></div><div>Thanks,<span class=""><font color="#888888"><br clear="all"><div><br clear="all"><div><div data-smartmail="gmail_signature">--<br>Matt Haught<br></div></div>
</div>
</font></span></div></div><span class=""><font color="#888888">
</font></span></blockquote></div><span class=""><font color="#888888"><br></font></span></div></div><span class=""><font color="#888888">
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org" target="_blank">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
</font></span></blockquote></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
<a href="http://lists.ovirt.org/mailman/listinfo/users" rel="noreferrer" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
<br></blockquote></div><br></div></div>